
Turkish Ransomware

Posted: March 16, 2017

Threat Metric

Threat Level: 2/10
Infected PCs: 255
First Seen: March 16, 2017
Last Seen: October 5, 2022
OS(es) Affected: Windows

The Turkish Ransomware is a Trojan that tries to force you to pay ransom money after it blocks your files. Recovery methods that do not require paying con artists include using free decryption tools or reverting to a non-encrypted backup. You should use anti-malware programs to analyze new downloads and intercept this threat or, less ideally, remove the Turkish Ransomware after it installs itself.

Trojans Working Hard for Workers' Money

The threat campaigns targeting Turkey for cyber extortion are limited in number, but rising slowly. The Turkish Ransomware is the latest follow-up after Trojans like the fraudulent Cryptolocker 1.0.0 Ransomware and the DUMB-based Ramsomeer Ransomware, all of which employ file-encrypting attacks. After examining its installers, malware experts estimate that the Turkish Ransomware is in live distribution as forged internal communications to small business e-mail accounts within Turkey.

The 'March business' executable that the Turkish Ransomware uses for installation may conceal itself with an additional, fake extension or an inappropriate icon. PCs compromised by this threat undergo an encryption routine run by the Trojan's TRY Catch File Encryptor module, which searches the local drives for different files, including Adobe PDF documents, Word documents, Excel spreadsheets, JPG images and, potentially, similar data. The enciphered content becomes unreadable, although a victim can recognize the affected files without trying to launch them purely by searching for the '.encrypted' extension (which is also in use in other Trojan attacks).
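A triage sketch for the two file-name indicators described above, added here as an example and not taken from the original article or any vendor tool. It assumes the '.encrypted' marker is appended after the original extension; the executable suffix list and the sample file names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Document types the article lists as targets (PDF, Word, Excel, JPG).
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".jpeg"}
# Assumption: executable suffixes worth flagging; not taken from the article.
EXE_EXTS = {".exe", ".scr", ".com"}
MARKER = ".encrypted"  # extension named in the article


def triage(root):
    """Walk root and return (encrypted_by_type, disguised_executables)."""
    encrypted = {}   # original extension -> list of affected paths
    disguised = []   # document extension followed by an executable one
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            suffixes = [s.lower() for s in path.suffixes]
            if not suffixes:
                continue
            if suffixes[-1] == MARKER:
                # Assumption: the marker is appended, so the suffix before it
                # is the original type; otherwise the type is not recoverable.
                original = suffixes[-2] if len(suffixes) > 1 else "(unknown)"
                encrypted.setdefault(original, []).append(str(path))
            elif (suffixes[-1] in EXE_EXTS and len(suffixes) > 1
                  and suffixes[-2] in DOC_EXTS):
                disguised.append(str(path))
    return encrypted, disguised


def demo():
    """Build a constructed sample tree and summarize the triage result."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ["budget.xlsx.encrypted", "photo.JPG.encrypted",
                     "notes.encrypted", "invoice.pdf.exe",
                     "setup.exe", "clean.docx"]:
            (Path(tmp) / name).write_bytes(b"constructed sample")
        encrypted, disguised = triage(tmp)
        return ({ext: len(paths) for ext, paths in encrypted.items()},
                [Path(p).name for p in disguised])


if __name__ == "__main__":
    print(demo())
```

The per-type counts give a quick inventory of what needs restoring from backup, and any flagged double-extension executable is a candidate sample to hand to an anti-malware scanner.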

The Turkish Ransomware delivers its ransom demands for unlocking your content in a pop-up or wallpaper image, as well as in a Notepad file. Although most statistics of its attacks center on Turkey, the Turkish Ransomware's authors also include language support for English, Italian, French and German. As with most attacks of this type, the author demands a Bitcoin ransom, a payment method that stops you from canceling the payment if he doesn't uphold his end of the deal.

Keeping Yourself from Being Made into a Turkey by a Turkish Ransomware

While the Trojan's campaign is in its active deployment phase, not all anti-malware companies have finalized analyses of the Turkish Ransomware. Only a small number of current anti-malware organizations include positive detection rates for the Turkish Ransomware in their databases. Update your security software's database as soon as possible and, when appropriate, provide samples of the threat to interested researchers to facilitate the process of developing software solutions.

Malware researchers have yet to determine the viability of breaking the Turkish Ransomware's encryption routine. Some victims may be able to recover their files via free utilities, but saving backups is always a surer means of protecting your content from similar attacks. Anti-malware products already proven against similar file-encrypting Trojans should also detect and remove the Turkish Ransomware either before or after it infects a PC.

Attacks like the Turkish Ransomware's campaign can come out of nowhere, rise to high numbers, and then switch to different strategies and brands in a matter of weeks or even days. However, they only profit from getting ransoms collected in the first place. No matter what files are at risk, rewarding the Turkish Ransomware with Bitcoins is an action with consequences you shouldn't underestimate.
