
Teeny Ransomware

Posted: February 1, 2019

The Teeny Ransomware is a Trojan that sabotages the PC's bootup routine and prevents it from loading Windows. Instead, the Teeny Ransomware redirects the user to a misleading ransom note that claims falsely that it has encrypted their data. Users should repair their PCs using appropriate MBR recovery strategies and remove the Teeny Ransomware's remaining components with an anti-malware program.

A More than Teeny Problem for Windows

A threat actor targeting Turkish PC users is giving them another reason to be suspicious about extortion demands that include unverifiable warnings. His weapon of choice, the Teeny Ransomware, is a simple, MBR-corrupting Trojan that pretends that it's a file-locking one, instead. His campaign appears sufficiently new that malware experts have yet to find any profits associated with the Trojan's wallet, and any victims shouldn't pay the pointless ransom.

The Teeny Ransomware is Windows software in distribution through unknown means, although current samples include ZIP-based compression (possibly to hide from AV solutions) and a broken attempt at a certificate for faking a 'legitimate' identity. Relatively few anti-malware services are detecting the Teeny Ransomware accurately, due to it being new and including limited functionality. However, when it runs, it overwrites the system's Master Boot Record or MBR, which defines how the operating system loads.

After sabotaging Windows' startup routine successfully, the Teeny Ransomware shows its own screen in place of that routine whenever the computer next reboots. This ASCII ransom note screen delivers a Turkish text with the traditional demands of file-locker Trojans like Hidden Tear or the Crysis Ransomware. However, malware experts can confirm that the Teeny Ransomware, despite its assertions, doesn't encrypt any data or harm your media. Despite that limitation, its subversion of the MBR is just as effective at potentially locking users out of getting to their files.
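For triage of a machine in this state, the following added example (not code from this article or from any vendor tool) inspects a 512-byte dump of sector 0: it checks the 0x55AA boot signature, decodes the four partition entries, and flags a long run of plain text in the boot code area. The 64-byte text threshold, the function names, and both sample sectors are assumptions constructed for illustration, and whether a given sample keeps its note text inside sector 0 is also an assumption.

```python
import struct
SECTOR, BOOT_CODE_LEN, TABLE_OFF, SIG_OFF = 512, 446, 446, 510

def parse_partitions(sector):
    """Decode the four 16-byte partition entries; skip unused (type 0) slots."""
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:
            parts.append({"slot": i, "status": entry[0], "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    return parts

def longest_text_run(data):
    """Length of the longest run of printable ASCII (plus CR/LF) in data."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if (0x20 <= b <= 0x7E or b in (0x0A, 0x0D)) else 0
        best = max(best, cur)
    return best

def triage_mbr(sector, text_threshold=64):
    """Return (partitions, findings) for one 512-byte sector-0 dump."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if sector[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("partition table is empty")
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("partition entry with invalid status byte")
    run = longest_text_run(sector[:BOOT_CODE_LEN])
    if run >= text_threshold:  # assumed heuristic threshold, tune before use
        findings.append(f"{run}-byte text run in boot code area")
    return parts, findings

def build_sector(boot_code, entries=()):
    """Constructed test input: boot code, up to four entries, valid signature."""
    table = b"".join(entries).ljust(64, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + b"\x55\xaa"

# Constructed samples (not taken from any real disk or malware sample).
NTFS_ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
CLEAN = build_sector(b"\xfa\x33\xc0\x8e\xd0" + b"\x00" * 300 + b"Missing operating system", [NTFS_ENTRY])
TAMPERED = build_sector(b"\xeb\x10" + b"\x00" * 16 + b"CONSTRUCTED PLACEHOLDER NOTE TEXT. " * 10)
```

`triage_mbr(CLEAN)` returns one NTFS entry and no findings, while `triage_mbr(TAMPERED)` reports the empty partition table and the text run. A surviving partition table in a real dump means the volume boundaries are still known, which simplifies MBR repair or offline data recovery.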

Growing Up Out of a Small Trojan Attack

There are several means of repairing the MBR in cases where the Teeny Ransomware doesn't wipe it as its threat actor intends. Alternatively, users could use a different way of retrieving their data, such as booting from a 'backup' USB-based OS, like PuppyLinux, before reinstalling Windows. Paying the Bitcoin ransom doesn't help, since malware experts find no features in the Teeny Ransomware's payload that would help with repairing the OS's startup information, even if the threat actor were trustworthy.

Certificate use is only one of several ways that criminals disguise their threats as updates or otherwise legitimate downloads. Spam e-mails are an especially prominent means for an extortion-focused Trojan to gain access to PCs, although torrents, exploit kits, brute-force attacks, and port-scanning are also facets of different campaigns. Users should scan all downloads to catch and delete the Teeny Ransomware ASAP, abide by good network administration standards, and always back their work up to another device.

The Teeny Ransomware is expecting only Turkish victims, but a spoiled MBR is a problem, no matter what your country is. And, like most Trojan dilemmas, it's easier prevented beforehand than repaired after it happens.
