TraNs Ransomware
Posted: June 21, 2017
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 2,145 |
| First Seen: | June 21, 2017 |
| Last Seen: | February 5, 2023 |
| OS(es) Affected: | Windows |
The TraNs Ransomware is a Trojan that locks the victim's files and holds them hostage until the victim pays for the decryption code. Malware experts estimate that threat actors are introducing the TraNs Ransomware to unprotected PCs through manual methods, which makes practicing good password and network security paramount to preventing an infection. Programs with standardized anti-malware protection should identify and delete the TraNs Ransomware as a threat, although recovery of any locked files is not necessarily guaranteed.
Trojans Unable to Decide What Extension to Wear to an Infection
Among file-encrypting threats, brand awareness is critical, but not every con artist distributing Trojans can settle on the ideal name. A recent, otherwise ordinary case of RDP-based hacking has become an introduction to a new Trojan of this category, using two separate identifiers and accompanying executables. Malware experts estimate that this is a result of two variants of the TraNs Ransomware being installed manually, although the threat actor's reasons for doing so are unclear.
Threat actors are collecting or brute-forcing passwords associated with company servers in unidentified sectors to drop the TraNs Ransomware. In most aspects, the TraNs Ransomware is a traditional file-encrypting threat and includes symptoms such as:
- The TraNs Ransomware locks a range of formats by encrypting them, although malware analysts have yet to confirm which cipher is in use. Documents, pictures, spreadsheets, archives, Web pages, and 3D models are examples of some of the media that the TraNs Ransomware could block.
- The TraNs Ransomware may append either 'TraNs' or 'TraNs550DonE' to the names of the above files that it attacks. In some cases, they may include doubled extensions. The TraNs Ransomware also associates these tags with the executable component that displays its ransoming message, so that trying to open them displays the ransom note.
- The text message (also readable outside of the TraNs Ransomware's secondary executable, which conceals itself as a random Temp file) uses almost identical sentences to those of the Xorist Ransomware campaign and solicits Bitcoin payments for the decryption key that unlocks your content.
Clearing Up a Confusing Trojan's Identity
Even without a history of using multiple extensions, the TraNs Ransomware includes significantly misleading components that could cause victims to inflict more damage on their locked files. The TraNs Ransomware is not a member of the Xorist Ransomware's family, and decryption software compatible with that family will damage, rather than unlock, your files. Malware experts recommend making copies of any encrypted media before using any one-way restoration strategies and always endorse keeping backups as the safest recovery option for your data.
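The copy-before-recovery step recommended above can be scripted. The following is an added example, not code from this page or from any vendor tool: it finds files carrying the 'TraNs' or 'TraNs550DonE' markers (including doubled ones), copies them unmodified to a separate location and records a SHA-256 for each copy. The leading dot, the case-insensitive match and the function names are assumptions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Markers named on the page. The leading dot and the case-insensitive
# match are assumptions of this example.
MARKERS = (".trans550done", ".trans")

def original_name(name):
    """Strip appended markers (including doubled ones); return (name, count)."""
    count = 0
    while True:
        for marker in MARKERS:
            if name.lower().endswith(marker) and len(name) > len(marker):
                name = name[:-len(marker)]
                count += 1
                break
        else:
            return name, count

def preserve_locked_files(root, evidence_dir):
    """Copy every marked file under root into evidence_dir; return a manifest."""
    root, evidence_dir = Path(root).resolve(), Path(evidence_dir).resolve()
    manifest = []
    for path in sorted(root.rglob("*")):  # sorted() snapshots the tree first
        if not path.is_file() or evidence_dir in path.parents:
            continue  # skip directories and anything already preserved
        name, count = original_name(path.name)
        if count == 0:
            continue  # no marker: the file was not renamed by the Trojan
        rel = path.relative_to(root)
        dest = evidence_dir / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, dest)  # originals are never modified or renamed
        manifest.append({"path": rel.as_posix(), "original_name": name, "markers": count,
                         "sha256": hashlib.sha256(dest.read_bytes()).hexdigest()})
    return manifest

if __name__ == "__main__":
    # Constructed sample tree, not real victim data.
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp, "share")
        share.mkdir()
        for n in ("q2.xlsx.TraNs", "plan.docx.TraNs.TraNs550DonE", "readme.txt"):
            (share / n).write_bytes(b"constructed sample bytes")
        for row in preserve_locked_files(share, Path(tmp, "evidence")):
            print(row)
```

Any decryption attempt should then run against the copies only, with the manifest hashes showing whether a tool has altered them.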
It's unknown how the TraNs Ransomware's threat actors are compromising the login data of their targets. Although weak passwords can be brute-forced (that is, 'guessed' with specialized software), even sophisticated ones are susceptible to leaking through phishing attacks that disguise themselves as legitimate requests. Although most anti-malware products should remove the TraNs Ransomware before other threats install it, manual installations are less easily preventable without modifying user behavior.
The TraNs Ransomware is another addition to the growing list of threats that identify themselves in misleading ways and use infection methods hinging on previous security missteps. Whether you're preventing a Trojan attack or recovering from one, the greatest potential for harm usually comes from the person at the controls.