
SymmyWare Ransomware

Posted: November 2, 2018

The SymmyWare Ransomware is a variant of Hidden Tear, a formerly public 'educational' demonstration of a file-locker Trojan whose source code has since been reused by many threat actors. Members of this family use AES encryption to lock files in multiple locations on your computer, although they refrain from damaging the operating system itself. Ignore the ransom demands this Trojan delivers if at all possible, recover any data from backups or with the free decryption tools available for the Hidden Tear family, and remove the SymmyWare Ransomware with an updated anti-malware product.

Reading Ransom Messages with Everything but the Final Tally

A threat actor is customizing one of the latest versions of Hidden Tear for a campaign of his own, with plans to lock files and sell decryption services to his victims after the fact. While most of the payload already works, because it reuses the existing Hidden Tear code, malware researchers are also finding indications that the SymmyWare Ransomware is not yet ready for public release. Despite that caveat, users should anticipate live distribution of the SymmyWare Ransomware within a matter of days, given how close it is to completion.

The SymmyWare Ransomware uses an AES-128 cipher to lock the files on infected PCs, such as JPG or GIF pictures, documents, spreadsheets, archives and other media. It may encrypt the contents of multiple directories, including the desktop, without producing any symptoms beyond a temporary, seconds-long screen blackout. It also appends a different extension from the other recent versions of Hidden Tear (in the SymmyWare Ransomware's case, 'SYMMYWARE') to each encrypted file's name. Despite that cosmetic change, malware researchers find clear similarities between the SymmyWare Ransomware and other HT variants such as the SnowPicnic Ransomware, the Scrabber Ransomware and the EnybenyCrypt Ransomware.
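As an added illustration (not code from the original article or from the Trojan itself), the following Python script shows the kind of triage an incident responder would run on a machine showing these symptoms: it walks a directory tree, lists every file carrying the 'SYMMYWARE' extension, groups them by directory, and checks each one for properties consistent with padded AES block-cipher output (length a multiple of the 16-byte AES block, near-maximal byte entropy) so that renamed-but-unencrypted files are not mistaken for locked ones. The sample directory it builds is constructed test data; the extension constant, the entropy threshold and the directory layout are assumptions for illustration, not details taken from the Trojan's code.

```python
import math
import os
import random
import tempfile
from collections import Counter, defaultdict

# Extension the article reports this Hidden Tear variant appending (assumed to
# be added after the original name, e.g. "photo.jpg.SYMMYWARE").
SYMMYWARE_EXT = ".SYMMYWARE"
# AES always works on 128-bit blocks whatever its key length, so a padded
# block-mode ciphertext is a whole number of 16-byte blocks long.
AES_BLOCK = 16
# Bits-per-byte below which a "locked" file is clearly not cipher output
# (assumed threshold; AES output sits close to 8.0, English text near 4.5).
ENTROPY_FLOOR = 6.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def triage_tree(root: str) -> dict:
    """Walk `root` and report files that carry the appended extension.

    Returns per-directory counts, the sorted list of suspect paths, and the
    subset whose size or entropy is inconsistent with AES output (a clue that
    a file was merely renamed rather than actually encrypted).
    Paths are returned relative to `root` with forward slashes.
    """
    per_dir = defaultdict(int)
    suspects = []
    inconsistent = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(SYMMYWARE_EXT):
                continue
            rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
            rel_path = f"{rel_dir}/{name}"
            per_dir[rel_dir] += 1
            suspects.append(rel_path)
            with open(os.path.join(dirpath, name), "rb") as fh:
                blob = fh.read()
            if len(blob) % AES_BLOCK != 0 or shannon_entropy(blob) < ENTROPY_FLOOR:
                inconsistent.append(rel_path)
    return {"per_dir": dict(per_dir), "suspects": sorted(suspects),
            "inconsistent": sorted(inconsistent)}


def build_sample_tree() -> str:
    """Construct a throwaway directory imitating an infected profile.

    This is constructed test data, not a real sample: seeded random bytes
    stand in for AES-CBC ciphertext (high entropy, 16-byte aligned).
    """
    rng = random.Random(2018)
    root = tempfile.mkdtemp(prefix="symmy_triage_")
    desk = os.path.join(root, "Desktop")
    docs = os.path.join(root, "Documents")
    os.makedirs(desk)
    os.makedirs(docs)
    with open(os.path.join(desk, "photo.jpg" + SYMMYWARE_EXT), "wb") as fh:
        fh.write(bytes(rng.getrandbits(8) for _ in range(4096)))
    with open(os.path.join(docs, "budget.xlsx" + SYMMYWARE_EXT), "wb") as fh:
        fh.write(bytes(rng.getrandbits(8) for _ in range(8192)))
    # Renamed but never encrypted: low entropy and not block aligned (518 bytes).
    with open(os.path.join(docs, "notes.txt" + SYMMYWARE_EXT), "wb") as fh:
        fh.write(b"meeting notes " * 37)
    # An untouched file that must not be reported.
    with open(os.path.join(docs, "readme.txt"), "wb") as fh:
        fh.write(b"unaffected")
    return root


if __name__ == "__main__":
    report = triage_tree(build_sample_tree())
    for directory, count in report["per_dir"].items():
        print(f"{directory}: {count} locked file(s)")
    for path in report["inconsistent"]:
        print(f"not real ciphertext, check before restoring: {path}")
```

Run it against a real profile by passing the user's home directory to `triage_tree`; the "inconsistent" list is worth checking by hand, because a file that is block-aligned and high-entropy is the one that genuinely needs a backup or a decryptor.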

The threat actor also uses the very typical method of dropping a text file on the desktop, opened with Notepad, that contains his ransom instructions and asks for payment in Bitcoins. Although most of the text is complete, the SymmyWare Ransomware doesn't specify a payment sum, a telltale clue that it is still in the middle of development. Users shouldn't assume that the 'final product' will restore their files at no charge and should keep backups in safe locations to guarantee recovery of any encrypted work.

Stopping Your Files from Becoming the SymmyWare Ransomware's Wares

While the distribution method of the SymmyWare Ransomware remains under wraps, malware researchers have found associated executables implying that the threat actor plans to use remote admin tools to install the file-locker Trojan. Attacks of that kind usually succeed because server admins use simple login credentials that a brute-force application can break, or because users open corrupted e-mail attachments. However, users shouldn't rule out other infection vectors, and the SymmyWare Ransomware can harm files on systems running most versions of the Windows OS.
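The brute-force vector above is the one most worth detecting early. As an added example (not part of the original article), here is a small Python detector that runs over a handful of constructed Windows Security event records (4625 = failed logon, 4624 = successful logon, logon type 10 = remote interactive), flags any source address that racks up repeated failures within a short window, and then reports a later successful logon from the same address, the pattern that precedes a remote-admin ransomware deployment. The pipe-delimited export format, the thresholds and the addresses are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records (not from any real incident), in an assumed export
# format: "timestamp|event_id|account|source_ip|logon_type".
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive.
SAMPLE_LOG = """\
2018-11-01T02:14:03|4625|administrator|203.0.113.45|10
2018-11-01T02:14:05|4625|administrator|203.0.113.45|10
2018-11-01T02:14:08|4625|administrator|203.0.113.45|10
2018-11-01T02:14:11|4625|admin|203.0.113.45|10
2018-11-01T02:14:15|4625|admin|203.0.113.45|10
2018-11-01T02:14:18|4625|administrator|203.0.113.45|10
2018-11-01T02:16:40|4624|administrator|203.0.113.45|10
2018-11-01T02:30:01|4625|jsmith|198.51.100.7|10
2018-11-01T02:30:20|4624|jsmith|198.51.100.7|10
2018-11-01T03:05:12|4624|backup|192.0.2.10|3
"""


def parse_events(text: str) -> list:
    """Parse the pipe-delimited export into dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, src, logon_type = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "account": account,
            "src": src,
            "logon_type": int(logon_type),
        })
    return sorted(events, key=lambda e: e["ts"])


def detect_bruteforce(events: list, threshold: int = 5,
                      window: timedelta = timedelta(minutes=5)) -> dict:
    """Sliding-window count of failed logons per source address.

    Returns {source_ip: most failures seen inside any single `window`} for
    every source that reaches `threshold` failures within the window.
    """
    failures = defaultdict(list)
    for ev in events:
        if ev["event_id"] == 4625:
            failures[ev["src"]].append(ev["ts"])
    flagged = {}
    for src, times in failures.items():
        start = 0
        for end, t in enumerate(times):
            # Drop failures from the left until the window spans at most `window`.
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[src] = max(count, flagged.get(src, 0))
    return flagged


def successes_after_bruteforce(events: list, flagged: dict) -> list:
    """A successful logon from a flagged source after its first failure is the
    signal that a credential was cracked; returns (src, account, iso_timestamp)."""
    first_failure = {}
    for ev in events:
        if ev["event_id"] == 4625 and ev["src"] in flagged:
            first_failure.setdefault(ev["src"], ev["ts"])
    hits = []
    for ev in events:
        if (ev["event_id"] == 4624 and ev["src"] in flagged
                and ev["ts"] > first_failure[ev["src"]]):
            hits.append((ev["src"], ev["account"], ev["ts"].isoformat()))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    flagged = detect_bruteforce(evs)
    for src, account, ts in successes_after_bruteforce(evs, flagged):
        print(f"likely cracked: {account} from {src} at {ts} "
              f"after {flagged[src]} failures")
```

The one typo-style failure from 198.51.100.7 never reaches the threshold, so only the burst from 203.0.113.45 is flagged, and its later success is what should trigger an immediate session termination and credential reset rather than a ticket for the morning.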

The most robust defense against unauthorized encryption attacks is always to store backup copies of your data on removable devices or password-protected, cloud-based services, kept disconnected from the machine where possible so that the Trojan cannot reach them. Most PC security products with threat-detecting features should also identify the various members of the Hidden Tear family without trouble. Malware analysts recommend quarantining or removing the SymmyWare Ransomware with your preferred anti-malware program before starting any attempts at data unlocking or roll-backs.

Because most of the 'hard work' of the SymmyWare Ransomware's code has been set in stone since the public unveiling of Hidden Tear, its author doesn't need much expertise to finish the job. The SymmyWare Ransomware could arrive on Windows PCs anywhere in the world, although the indications so far suggest that its author plans to make money off of native English speakers.
