
USBR Ransomware

Posted: August 31, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 869
First Seen: August 31, 2017
Last Seen: June 14, 2023
OS(es) Affected: Windows

The USBR Ransomware is an updated version of Hidden Tear, a file-encrypting Trojan. This variant adds support for offline attacks after infecting a PC. Saving backups in a safe location limits the harm that any version of Hidden Tear can do, and dedicated anti-malware programs can uninstall the USBR Ransomware or delete it before its installation with little to no anticipated issues.

Cutting the Network out of the Loop of a Trojan Campaign

Threat actors are coming up with new ways of exploiting the encryption features of the Turkish-made Hidden Tear program, whose educational, file-locking features are now a significant part of the Trojan industry's landscape. A recent derivative of Hidden Tear, the USBR Ransomware, dispenses with what other Trojans often rely on as a necessary prerequisite for finishing their payloads: a connection to a remote server. In philosophy, this choice resembles the attacks of the Azer Ransomware and some variants of the SamSam Ransomware family, even though the USBR Ransomware isn't a direct descendant of either.

As with most versions of Hidden Tear, the USBR Ransomware scans all directories for files of predetermined formats (examples can include DOC, JPG, BMP, XLS, and ZIP). Any file fitting the description goes through an AES enciphering routine that makes its data unreadable to its associated program, such as Word or the Windows 10 Photos application. The USBR Ransomware also may add extensions or make other name-based edits to these files.

Malware researchers also found one substantial upgrade in the USBR Ransomware, when compared to similar, HT-based threats: it doesn't need to make contact with a Command & Control server for uploading or downloading a key. No information is available yet on whether the USBR Ransomware's name is an additional clue as to its intended distribution plans, such as via USB devices, or a red herring. However, the USBR Ransomware shows no worm-based features for creating duplicates of itself to compromise removable devices.
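
Because the encryption needs no server contact, there is no key-exchange traffic to watch for, so file content is the practical signal. The following Python is an added example, not part of the original article: it checks the formats named above against their standard header signatures and flags high-entropy mismatches. The 7.0 bits-per-byte threshold, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Standard leading signatures for the formats the article lists (DOC/XLS share OLE2).
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = {
    ".doc": (OLE2,), ".xls": (OLE2,),
    ".jpg": (b"\xff\xd8\xff",),
    ".bmp": (b"BM",),
    ".zip": (b"PK\x03\x04", b"PK\x05\x06"),
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; approaches 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, head: bytes, threshold: float = 7.0) -> str:
    """Classify one file from its name and first bytes (threshold is an assumption)."""
    lower = name.lower()
    # Also match a known extension followed by an appended one (name.doc.xyz).
    ext = next((e for e in MAGIC if lower.endswith(e) or e + "." in lower), None)
    if ext is None:
        return "unknown"
    if head.startswith(MAGIC[ext]):
        return "ok"
    return "likely-encrypted" if shannon_entropy(head) >= threshold else "mismatch"

def scan(root: str, head_size: int = 4096) -> dict:
    """Walk root and return {path: verdict} for files that fail the header check."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    verdict = classify(name, fh.read(head_size))
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if verdict not in ("ok", "unknown"):
                findings[path] = verdict
    return findings

# Constructed sample data: chained SHA-256 output stands in for AES ciphertext.
FAKE_CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
```

Files much shorter than a few hundred bytes cannot reach the entropy threshold and are reported as `mismatch` rather than `likely-encrypted`, so both verdicts deserve a look during triage.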

Evaporating a Trail of Hidden Tears

The ransom message that the USBR Ransomware drops for the victim to read contains few details other than a demand for 'some of your salary in Bitcoins.' The threat actor may be intending to add more details, such as an email or wallet address, later in this Trojan's development. Like most cryptocurrency payments, the USBR Ransomware's Bitcoin ransom is refundable only with permission from the recipient, and malware experts advise not paying to restore your files, if possible. Backing up your work to a safe, removable hard drive is ideal for curtailing encryption-based risks and eliminating the bargaining power of any USBR Ransomware infection.

Samples of the USBR Ransomware available to malware analysts provide no significant data on how its threat actor plans to distribute it to new PCs. Email spamming campaigns, website-hosted Exploit Kits, and servers compromised by brute force are archetypal examples of how a con artist might introduce this threat to your computer. Anti-malware programs and cautious Web-browsing behavior can help with eliminating the USBR Ransomware before it infects your PC, and the former also may assist with uninstalling the USBR Ransomware and stopping any ongoing attacks.

Most Web surfers are correct to think of the Internet as a place providing danger and informative resources in equal measure, but Trojans like the USBR Ransomware aren't necessarily dependent on it. Trojans with the ability to harm your computer even while it's offline are a recurrent security concern that every PC user should account for in their daily lives.
