Vanguard Ransomware
Posted: March 7, 2017
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 76 |
| First Seen | March 7, 2017 |
| OS(es) Affected | Windows |
The Vanguard Ransomware is a Trojan that encrypts your files to block access to them and then demands a ransom for the decryption key. Recovering the content by other means isn't always possible, so malware experts advise backing up any files you can't afford to lose in such attacks. Ideally, your anti-malware solution should detect and remove the Vanguard Ransomware before it begins locking anything on your PC.
A Vanguard Trojan Using 'Old Guard' Style Attacks
Although threat actors running Trojan-based extortion often insist on high-visibility branding, the branding frequently says little about the attacks behind it. Some imitate older, notorious Trojans such as the Jigsaw Ransomware; others, the Vanguard Ransomware among them, present standardized payloads as new or innovative. This Trojan's most unusual trait is its choice of Go as its programming language, and even that is shared with the '.braincrypt File Extension' Ransomware and the YourRansom Ransomware.
The Vanguard Ransomware makes Registry changes so that it launches automatically after its install routine. It then loads a hidden instance of CMD (the Windows command interpreter) to issue several commands, including one that deletes the Shadow Copy backups, which removes the easiest local route to restoring files. Malware experts also observed changes to proxy and Web-browsing settings that could help the Vanguard Ransomware contact a C&C server, for example to notify the threat actor of the infection.
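The three behaviours just described (Run-key persistence, a command interpreter spawned from a user-writable path to delete Shadow Copies, and proxy-setting changes) are all visible in ordinary endpoint telemetry. The following is an added detection example, not code from the original write-up or from the Trojan itself: it runs simple rules over constructed Sysmon-style events (ID 1 process creation, ID 13 registry value set). The command lines, the Run value name "Vanguard" and the SID are assumptions invented for the sample; the shadow-copy command patterns are the ones ransomware families commonly use, not command lines observed from this sample.

```python
import re
from typing import Iterable

# Shadow-copy deletion commands commonly issued by ransomware. Assumed typical
# behaviour, not an observed Vanguard command line.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"Win32_ShadowCopy", re.I),                 # WMI / PowerShell variant
    re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
]

# Autorun locations and WinINET proxy values mentioned in the write-up.
RUN_KEY_PATTERN = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)
PROXY_KEY_PATTERN = re.compile(
    r"\\Internet Settings\\(ProxyServer|ProxyEnable|AutoConfigURL)$", re.I)

# Directories a freshly dropped payload typically runs from.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")


def detect(events: Iterable[dict]) -> list[tuple[str, str]]:
    """Return (rule_name, detail) pairs for every event that matches a rule.

    One event can trigger more than one rule, e.g. a cmd.exe launched from
    %TEMP% that also deletes shadow copies yields two hits.
    """
    hits: list[tuple[str, str]] = []
    for ev in events:
        if ev["EventID"] == 1:                       # process creation
            cmd = ev.get("CommandLine", "")
            if any(p.search(cmd) for p in SHADOW_DELETE_PATTERNS):
                hits.append(("shadow_copy_deletion", cmd))
            image = ev.get("Image", "").lower()
            parent = ev.get("ParentImage", "").lower()
            if image.endswith("\\cmd.exe") and parent.startswith(USER_WRITABLE_PREFIXES):
                hits.append(("cmd_from_user_profile", ev["ParentImage"]))
        elif ev["EventID"] == 13:                    # registry value set
            target = ev.get("TargetObject", "")
            if RUN_KEY_PATTERN.search(target):
                hits.append(("run_key_persistence", target))
            elif PROXY_KEY_PATTERN.search(target):
                hits.append(("proxy_settings_change", target))
    return hits


# Constructed sample telemetry (not real log data). The dropper path, the
# Run value name and the SID are placeholders.
SID = "S-1-5-21-1111-2222-3333-1001"
DROPPER = "C:\\Users\\victim\\AppData\\Local\\Temp\\invoice.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": DROPPER,
     "CommandLine": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"EventID": 13,
     "TargetObject": f"HKU\\{SID}\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Vanguard",
     "Details": DROPPER},
    {"EventID": 13,
     "TargetObject": f"HKU\\{SID}\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer",
     "Details": "127.0.0.1:8080"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe",   # benign control
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "notepad.exe README.txt"},
]

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:24s} {detail}")
```

Each rule on its own is noisy (administrators do delete shadow copies, and installers do write Run keys); the value comes from correlating two or more of them from the same process tree within a short window, which is what the per-event tuples returned by `detect` make easy to do in whatever SIEM or notebook you feed them into.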
All of these are secondary to the Vanguard Ransomware's main payload, which encrypts your files. It scans for hundreds of data formats, such as DOC documents or ZIP archives, and encrypts them so that they no longer open. It follows this with a ransom message in a Notepad (plain text) file whose wording is copied directly from unrelated Trojan campaigns. Victims are asked to pay Bitcoins for the decryption key or risk losing their content permanently.
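When triaging a machine after an attack like this, the first practical question is which files are actually encrypted and which merely sit next to a ransom note. A file whose content has been replaced by ciphertext no longer starts with the signature its extension implies, and that is a more reliable test than byte entropy alone, because a ZIP archive is already high-entropy before any Trojan touches it. The following is an added example, not code from the original page or from the Trojan: the magic-byte table is the standard one for these formats, the sample files are constructed in memory, and random bytes stand in for ciphertext since the write-up does not describe the cipher or any marker Vanguard adds.

```python
import io
import math
import os
import zipfile
from collections import Counter

# Leading bytes each extension is expected to carry. A ZIP/DOCX begins with a
# local file header ("PK\x03\x04") or, when empty, the end-of-central-directory
# record; a legacy DOC/XLS begins with the OLE2 compound-file header.
MAGIC = {
    ".zip": (b"PK\x03\x04", b"PK\x05\x06"),
    ".docx": (b"PK\x03\x04",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    ".pdf": (b"%PDF",),
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the ceiling for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(name: str, data: bytes) -> str:
    """'intact' if the signature matches, 'encrypted' if an expected signature
    is missing, 'unknown' if there is no rule for the extension."""
    ext = os.path.splitext(name)[1].lower()
    sigs = MAGIC.get(ext)
    if sigs is None:
        return "unknown"
    return "intact" if data.startswith(sigs) else "encrypted"


def triage(files: dict[str, bytes]) -> dict[str, str]:
    """Classify every (name, content) pair; in practice feed it a directory walk."""
    return {name: classify(name, data) for name, data in files.items()}


def _build_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("notes.txt", "quarterly numbers\n" * 200)
    return buf.getvalue()


# Constructed sample files (not recovered from any infection).
CLEAN = {
    "report.zip": _build_zip(),
    "memo.doc": MAGIC[".doc"][0] + b"\x00" * 4088,       # mostly-zero OLE stub
    "cover.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 50,
    "raw.bin": b"\x00\x01\x02\x03",                      # no rule for .bin
}
# Stand-in ciphertext: the real Trojan's output is unknown, random bytes model it.
ENCRYPTED = {name: os.urandom(len(data)) for name, data in CLEAN.items()}

if __name__ == "__main__":
    for label, files in (("clean", CLEAN), ("encrypted", ENCRYPTED)):
        for name, data in files.items():
            print(f"{label:9s} {name:12s} {classify(name, data):9s} "
                  f"entropy={shannon_entropy(data):.2f}")
```

Run it and compare the two `report.zip` lines: the archive's entropy barely moves between the clean and the encrypted copy, while the `.doc` jumps from under 1 bit per byte to nearly 8. The signature check flags both correctly, which is why a recovery script should key on magic bytes (or on a known marker the family appends) and treat entropy as a secondary hint for formats that have no fixed header.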
Guarding What's Yours from Cut-and-Paste Trojans
Beyond eschewing the more traditional programming languages, the Vanguard Ransomware shows little creativity in its attacks. Using Go has given it no advantage in stealth, and a clear majority of anti-malware products have proven capable of detecting its various samples. Preventative security is especially important for Trojans of this classification, since the file damage they inflict is often irreversible without a backup.
While its campaign appears not fully developed, the Vanguard Ransomware's distribution already seems to rely on fake Microsoft Office content. E-mail attachments are one of the most common ways con artists expose victims to corrupted documents, whereas compromised websites are more likely to push fake software updates and installers. Letting anti-malware products detect browser-based threats automatically and scan all downloads should eliminate the Vanguard Ransomware before it becomes a security hazard.
For the time being, paying the Vanguard Ransomware's administrator is theoretically the only way to obtain the decryption key. However, Bitcoin payments are irreversible and come with no guarantee, so victims risk paying and receiving nothing back for their PCs.