
Technicy Ransomware

Posted: September 28, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 87
First Seen: September 28, 2017
OS(es) Affected: Windows

The Technicy Ransomware is a Polish variant of Hidden Tear, a Trojan that locks your files with encryption. Con artists use these features to hold content such as documents hostage until you pay a ransom fee. The paid data recovery that criminals offer is often unreliable, and malware experts suggest that all users fall back to backups or contact security researchers for decryption help as needed. Removing the Technicy Ransomware with appropriate anti-malware products can't reverse any data encryption that's already taken place, but it will stop any ongoing file-locking or deleting attacks.

Poland Gets Another Dose of Hidden Tear

An unidentified threat actor is uploading a mid-development Trojan with file-locking properties to centralized threat databases, possibly to learn how to avoid current detection methods. While the Technicy Ransomware has yet to show many extensive features, it can lock files with an encryption attack built off of Utku Sen's Hidden Tear, and it also may hijack the Windows profile's desktop image. This threat joins older campaigns like those of the ClicoCrypter Ransomware and the Flotera Ransomware in extorting PC users in Poland.

After the user installs it through undocumented exploits, the Technicy Ransomware launches a background process for scanning the victim's media, including Word documents, PDFs, JPG pictures, Excel spreadsheets and similar formats. The Technicy Ransomware encrypts any files that it detects that aren't in a blacklisted directory (such as the Windows folder) using an AES-based algorithm. After it finishes, the Technicy Ransomware replaces the Windows desktop's background image with a new one. Currently, the Technicy Ransomware's threat actor is using this second function for delivering a Polish message inviting security researchers to analyze the Trojan.

The Technicy Ransomware's payload expresses minimal symptoms to the user until after completing the data-locking attack. Malware experts have no hard information on any ransoming instructions that future versions of the Trojan might provide. The Technicy Ransomware does use a custom extension ('.technicy') to flag any files it locks with its encryption feature, which is not part of any other Trojan's campaign and can help any victims determine what content is under blockade.
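The extension check described above, as an added example that is not part of the original write-up: a small Python triage script that inventories files flagged with '.technicy' so a victim can see what content is locked and recover the original file names. The sample paths and the skipped-directory list are constructed assumptions; the write-up names only the Windows folder as a directory the Trojan skips.

```python
"""Inventory files flagged with the '.technicy' extension so a victim can see
what content is under blockade. Sample paths and the skipped-directory list
are constructed assumptions (the write-up names only the Windows folder)."""
import ntpath
import os
from collections import Counter

LOCKED_EXT = ".technicy"
# Folders the Trojan is described as skipping (assumption: only the Windows
# folder is named). A locked file found here is unusual and worth flagging.
SKIPPED_DIRS = ("c:\\windows",)

# Constructed sample of a post-infection directory listing.
SAMPLE_PATHS = [
    r"C:\Users\anna\Documents\raport.docx.technicy",
    r"C:\Users\anna\Documents\budzet.xlsx.technicy",
    r"C:\Users\anna\Pictures\wakacje.jpg.technicy",
    r"C:\Users\anna\Pictures\readme.txt",
    r"C:\Windows\System32\drivers\etc\hosts",
    r"C:\Windows\Temp\cache.dat.technicy",
]

def is_locked(path):
    """True when the file name carries the extension this Trojan appends."""
    return path.lower().endswith(LOCKED_EXT)

def original_name(path):
    """Strip the appended extension to recover the pre-encryption file name."""
    return path[:-len(LOCKED_EXT)] if is_locked(path) else path

def triage(paths):
    """Summarise locked files by count, original name, type and unusual location."""
    locked = [p for p in paths if is_locked(p)]
    by_type = Counter(ntpath.splitext(original_name(p))[1].lower() for p in locked)
    unexpected = [p for p in locked
                  if any(p.lower().startswith(d) for d in SKIPPED_DIRS)]
    return {
        "locked_count": len(locked),
        "originals": {p: original_name(p) for p in locked},
        "by_type": dict(by_type),
        "unexpected_locations": unexpected,
    }

def scan_tree(root):
    """Walk a real directory tree and return the paths of locked files."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in filenames if is_locked(f))
    return hits
```

Run `triage(scan_tree(r"C:\Users"))` on an affected machine to produce the same summary over real data; the original names it reports are the files to restore from backup.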

Taking Advantage of the Technical Constraints of the Technicy Ransomware

Although its message essentially dares PC security researchers to examine this threat, the Technicy Ransomware has limited code obfuscation and should be detectable by most brands of anti-malware products. Its payload, while incomplete, does offer the possibility of endangering the users' local files without giving them a working (or free) solution for decoding them. Backing up any high-value content to secondary locations, such as a spare USB drive that you leave unplugged from your computer, provides a reliable means of restoring any work that this Trojan encrypts. Since the Technicy Ransomware's family isn't known for using extremely secure encoding methods, malware experts also encourage testing the compatibility of free Hidden Tear decryptors.

Delivery methods for file-locking threats often use email attachments to compromise a PC, especially on private business servers. Other methods that malware experts also see on display for Trojans of the Technicy Ransomware's classification include website-hosted exploit kits, brute-force tools that crack poorly managed network passwords, and intentionally mislabeled torrents. Holding to standardized security practices can lower your chances of contact with this Trojan, and professional anti-malware software can always remove the Technicy Ransomware safely upon its detection.

No country is a safe place to hide from Trojans, especially when their code is as good as free. A well-intended project that's twisted towards private, undeserved profit like the Technicy Ransomware's new campaign is something that can harm Poland just as easily as any other nation around the world.
