
SuperB Ransomware

Posted: September 11, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 14
First Seen: September 13, 2017
Last Seen: October 21, 2020
OS(es) Affected: Windows

The SuperB Ransomware is a Trojan that blocks your files by encrypting them. The Trojan's payload may also include hijacking your desktop's background, creating pop-ups, placing new extensions on your files' names, deleting backups and disabling some security software. Always keep backups so that threats of this category cannot do permanent damage to the contents of your PC, and use professional anti-malware products to uninstall the SuperB Ransomware when possible.

Trojans Guaranteeing a Super Time for Your Files

A new campaign for using encryption to extort money from PC users is underway, with a working ransom-processing page that its author is borrowing from the old Cryptorbit Ransomware attacks of three years ago. Malware experts can find no hard evidence of the SuperB Ransomware's being an update to the previous threat, whose Web page templates have also been reused in the CryptoBit Ransomware campaign. Despite being a new program, the SuperB Ransomware may retain a very similar capability for encoding your files.

Threat actors may attach the SuperB Ransomware to email messages, crafting it to look like a workplace document, an invoice, or a news article; circulate it through software piracy-related domains; or install it with the help of third parties like the RIG Exploit Kit. After achieving system access, the SuperB Ransomware scans for files that it can encrypt with a cipher malware experts are still identifying, although most file-locking threats use some variation of the AES encoding. Any encoded and locked files are visually identifiable by the '.superB' extension the SuperB Ransomware appends to their names.

The SuperB Ransomware also may change the Windows wallpaper to an image it chooses, drop text messages on your desktop, or generate pop-ups in various formats. Ransoming instructions from the SuperB Ransomware redirect any victims to its TOR website, which, as noted earlier, is a clone of the Cryptorbit Ransomware's domain. The threat actors are setting all ransoms to a static payment of three hundred USD, with the Bitcoin currency specified to prevent any refunds from taking place without their permission. As usual, victims are asked to take the risk of paying for a separate decryption service that may not arrive.

A Superb Solution to New File-Locking Threats

While the SuperB Ransomware doesn't drop its decryption component in the same payload as its encryption feature, victims may be able to unlock their files with a third-party application. Help from specialized anti-malware researchers can ascertain whether or not this threat's cipher is capable of being broken by decryption programs that are freely available for downloading. Otherwise, malware experts recommend having backups to recover without the need to decode your files.

The current investigation of the SuperB Ransomware's campaign has yet to confirm which installation exploits its author is using to compromise vulnerable PCs. In addition to disguising the SuperB Ransomware as a non-corrupted file, threat actors may also install the Trojan personally after cracking a server's login credentials or enabling Remote Desktop features. Always allow your anti-malware programs to scan new downloads so that they can identify and remove the SuperB Ransomware immediately, and use appropriately secure passwords to cut the risk of brute-force attacks.

Whether or not your media is worth hundreds of dollars is up to you to decide. However, no matter how expensive or cheap your files are, letting the SuperB Ransomware take control of your digital belongings is an experience that only rewards its extortionists.
