SuchSecurity Ransomware
Posted: March 8, 2017
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. The criteria for the Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Field | Value |
|---|---|
| Threat Level | 8/10 |
| Infected PCs | 2,548 |
| First Seen | March 8, 2017 |
| Last Seen | May 30, 2023 |
| OS(es) Affected | Windows |
The SuchSecurity Ransomware is a Trojan based on EDA2, and, like other derivatives of that project, can lock your files by encrypting them. Its author may use these attacks for extorting money without a guarantee of reciprocal recovery services, which malware experts recommend circumventing by keeping backups of your media. Standard anti-malware protection also may preempt any attempted ransoming attacks by blocking and removing the SuchSecurity Ransomware immediately.
Memes in Your Money-Making Threat
The lesser-used younger sibling of Hidden Tear, EDA2, retains some value to con artists wanting to create file-encrypting threats without spending much time on their development cycles. Cyber security industry experts managed to detect the SuchSecurity Ransomware before it became a fully-working campaign, and all samples malware experts are analyzing are incomplete. However, the current versions of this threat provide working models for how the SuchSecurity Ransomware could attack its future victims.
The SuchSecurity Ransomware uses a combination of Registry changes and active monitoring of those entries to maintain persistence as a background process on an infected PC. It also includes network support for storing the key required for reversing its primary attack, a file-locking encryption feature. The payload attempts to encrypt and lock any files from a list of twenty formats, consisting of documents, Web pages, spreadsheets, pictures and similar media. It finishes by adding '.locked' extensions to the now-blocked media (similarly to the FabSysCrypto Ransomware). However, malware experts only confirm the targeting of content within a 'test' folder.
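As an added triage example (not code from this page or from the malware), the following Python walks a directory tree for files carrying the '.locked' marker described above and checks whether each still begins with its original format's magic number, so that a file that was merely renamed is not mistaken for an encrypted one. The format table and the sample 'test' folder are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Magic numbers for a few of the document/image formats the text names.
# Constructed subset, not a list taken from the malware sample.
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
    ".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
}
MARKER = ".locked"  # extension the SuchSecurity payload appends

def find_locked_files(root):
    """Return [(path, original_ext, looks_encrypted)] for every file under
    root carrying the '.locked' marker. A file whose bytes still start with
    its original format's magic number was only renamed, not encrypted."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            orig_ext = os.path.splitext(name[:-len(MARKER)])[1].lower()
            with open(path, "rb") as fh:
                head = fh.read(8)
            magic = MAGIC.get(orig_ext)
            # Unknown format: treat as encrypted; known format: encrypted
            # only if the header no longer matches.
            looks_encrypted = magic is None or not head.startswith(magic)
            hits.append((path, orig_ext, looks_encrypted))
    return hits

def summarize(hits):
    """Count suspected-encrypted files per original extension."""
    return Counter(ext for _, ext, enc in hits if enc)

def build_sample_tree():
    """Constructed sample 'test' folder: two encrypted files, one renamed
    but intact PDF, and one untouched file without the marker."""
    test = os.path.join(tempfile.mkdtemp(), "test")
    os.makedirs(test)
    files = {"report.docx.locked": b"\x9c\x11random-looking-bytes",
             "photo.png.locked": b"\x42\x00ciphertext",
             "intact.pdf.locked": b"%PDF-1.4 renamed only",
             "notes.txt": b"plain file, no marker"}
    for name, data in files.items():
        with open(os.path.join(test, name), "wb") as fh:
            fh.write(data)
    return os.path.dirname(test)
```

Calling `find_locked_files(build_sample_tree())` flags three marked files, of which only two look encrypted; pointed at a real share, the per-extension summary shows which of the twenty targeted formats were actually hit.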
The SuchSecurity Ransomware also hijacks the user's desktop to display a minimally-informative image of a dog meme and a warning that it has hacked the PC. Future versions of the SuchSecurity Ransomware are likely to include revisions, such as text-based ransom messages and targeting files outside of the previous directory.
Keeping Your PC's Security from Getting Sarcastic Rejoinders
While it's not yet fully-developed, the SuchSecurity Ransomware needs few configuration changes to be capable of attacking and locking a PC's media. The use of EDA2 also adds extra difficulty into the path of anyone trying to restore their unusable files without the help of a backup. Malware experts suggest keeping backups on external services or devices to reduce any potential for interference by the SuchSecurity Ransomware, whose family is noteworthy for erasing local backups.
Although encryption attacks sometimes are impenetrable to standard decoding attempts, the SuchSecurity Ransomware, like all threats, requires early security mistakes to compromise your PC. Most anti-malware products developed by reputable cyber security companies have competent detection ratios for the EDA2 derivatives. If they're active, patched, and able to scan newly-downloaded files, your standard security solutions should delete the SuchSecurity Ransomware without a chance of its encrypting anything.
The SuchSecurity Ransomware is incomplete, but its lack of a current release shouldn't lull readers into having unsafe Web-browsing habits. If nothing else, it serves as one of the many signals that threat authors are hard at work to attack your PC and take your money, even if they need your help to do it.