
SuchSecurity Ransomware

Posted: March 8, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 2,548
First Seen: March 8, 2017
Last Seen: May 30, 2023
OS(es) Affected: Windows

The SuchSecurity Ransomware is a Trojan based on EDA2 and, like other derivatives of that project, can lock your files by encrypting them. Its author may use these attacks to extort money without any guarantee that a working recovery service follows payment, which is why malware experts recommend keeping backups of your media so that the ransom demand can be ignored. Standard anti-malware protection also may preempt any attempted ransoming attack by blocking and removing the SuchSecurity Ransomware immediately.

Memes in Your Money-Making Threat

The lesser-used younger sibling of Hidden Tear, EDA2, retains some value to con artists wanting to create file-encrypting threats without spending much time on their development cycles. Cyber security industry experts managed to detect the SuchSecurity Ransomware before it became a fully-working campaign, and all samples malware experts are analyzing are incomplete. However, the current versions of this threat provide working models for how the SuchSecurity Ransomware could attack its future victims.

The SuchSecurity Ransomware uses a combination of Registry changes and active monitoring of those entries to maintain persistence as a background process on an infected PC. It also includes network support for storing the key required to reverse its primary attack, a file-locking encryption feature. The payload attempts to encrypt any files matching a list of twenty formats, consisting of documents, Web pages, spreadsheets, pictures and similar media. It finishes by appending a '.locked' extension to each encrypted file (similarly to the FabSysCrypto Ransomware). However, malware experts only confirm the targeting of content within a 'test' folder.

The SuchSecurity Ransomware also hijacks the user's desktop to display a minimally-informative image of a dog meme and a warning that it has hacked the PC. Future versions of the SuchSecurity Ransomware are likely to include revisions, such as text-based ransom messages and targeting files outside of the previous directory.
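The behaviour described above leaves a simple trace a defender can watch for: many documents in one folder renamed to '<name>.<ext>.locked' within seconds of each other. The following is an added example, not code from the advisory or from EDA2, that applies that heuristic to file-rename events such as a file-system audit log would produce. The document extensions, the time window and the threshold are assumptions (the advisory names categories of formats, not the exact list); the sample events are constructed.

```python
"""Heuristic detector for EDA2-style mass file locking (added example).

Flags a directory when several targeted documents are renamed to
'<original name>.locked' inside a short time window, the pattern the
SuchSecurity Ransomware leaves in its 'test' folder.
"""
from dataclasses import dataclass
import ntpath  # Windows path handling regardless of the host OS

# Assumption: a representative subset of the document/media formats such
# Trojans target; the advisory does not list the exact twenty.
TARGET_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt",
                     ".html", ".htm", ".jpg", ".png", ".ppt", ".pptx"}
LOCKED_SUFFIX = ".locked"


@dataclass(frozen=True)
class RenameEvent:
    timestamp: float  # seconds, e.g. from a file-system audit log
    old_path: str
    new_path: str


def is_locking_rename(ev: RenameEvent) -> bool:
    """True when a targeted document is renamed to '<old path>.locked'."""
    if not ev.new_path.endswith(LOCKED_SUFFIX):
        return False
    if ev.new_path[:-len(LOCKED_SUFFIX)] != ev.old_path:
        return False
    return ntpath.splitext(ev.old_path)[1].lower() in TARGET_EXTENSIONS


def locking_bursts(events, window_seconds=10.0, threshold=5):
    """Return (directory, count) pairs where at least `threshold` locking
    renames in one directory fall inside any `window_seconds` window."""
    hits = sorted((e for e in events if is_locking_rename(e)),
                  key=lambda e: e.timestamp)
    per_dir = {}
    for e in hits:
        per_dir.setdefault(ntpath.dirname(e.old_path), []).append(e.timestamp)

    flagged = []
    for directory, times in per_dir.items():
        # Sliding window over the sorted timestamps of this directory.
        lo, best = 0, 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > window_seconds:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            flagged.append((directory, best))
    return flagged


# Constructed sample: a burst of six locking renames in a 'test' folder,
# plus benign noise that must not count (an ordinary rename, an .exe that
# is not a targeted format, and a lone hit in another directory).
TEST_DIR = "C:\\Users\\me\\test"
SAMPLE_EVENTS = [
    RenameEvent(100.0, TEST_DIR + "\\a.docx", TEST_DIR + "\\a.docx.locked"),
    RenameEvent(100.5, TEST_DIR + "\\b.xlsx", TEST_DIR + "\\b.xlsx.locked"),
    RenameEvent(101.0, TEST_DIR + "\\c.pdf", TEST_DIR + "\\c.pdf.locked"),
    RenameEvent(101.2, TEST_DIR + "\\d.html", TEST_DIR + "\\d.html.locked"),
    RenameEvent(102.0, TEST_DIR + "\\e.jpg", TEST_DIR + "\\e.jpg.locked"),
    RenameEvent(103.5, TEST_DIR + "\\f.txt", TEST_DIR + "\\f.txt.locked"),
    RenameEvent(104.0, "C:\\Users\\me\\report.docx",
                "C:\\Users\\me\\report_final.docx"),
    RenameEvent(104.5, "C:\\Users\\me\\tool.exe", "C:\\Users\\me\\tool.exe.locked"),
    RenameEvent(105.0, "C:\\Users\\me\\Pictures\\x.png",
                "C:\\Users\\me\\Pictures\\x.png.locked"),
]

if __name__ == "__main__":
    for directory, count in locking_bursts(SAMPLE_EVENTS):
        print(f"possible file-locking attack in {directory}: {count} renames")
```

Fed real rename events (for example from Windows object-access auditing or a file-server change journal), the same two functions give a host-level alert that fires before a whole profile is encrypted; the threshold and window should be tuned so that ordinary bulk operations such as archive extraction do not trip it.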

Keeping Your PC's Security from Getting Sarcastic Rejoinders

While it's not yet fully developed, the SuchSecurity Ransomware needs few configuration changes to be capable of attacking and locking a PC's media. Its use of EDA2 also makes it harder for anyone to restore their unusable files without the help of a backup. Malware experts suggest keeping backups on external services or devices to reduce any potential for interference by the SuchSecurity Ransomware, whose family is noteworthy for erasing local backups.

Although encryption attacks sometimes are impenetrable to standard decoding attempts, the SuchSecurity Ransomware, like all threats, requires early security mistakes to compromise your PC. Most anti-malware products developed by reputable cyber security companies have competent detection ratios for the EDA2 derivatives. If they're active, patched, and able to scan newly-downloaded files, your standard security solutions should delete the SuchSecurity Ransomware without a chance of its encrypting anything.

The SuchSecurity Ransomware is incomplete, but its lack of a current release shouldn't lull readers into having unsafe Web-browsing habits. If nothing else, it serves as one of the many signals that threat authors are hard at work to attack your PC and take your money, even if they need your help to do it.
