ViiperWaRe Ransomware
Posted: October 18, 2017
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 9 |
| First Seen: | October 18, 2017 |
| Last Seen: | January 8, 2020 |
| OS(es) Affected: | Windows |
The ViiperWare Ransomware is a file-locking Trojan that can block media, such as documents, with a Hidden Tear-based encryption feature. The symptoms of such attacks may be minimal or nonexistent until the damage occurs, after which it pressures the victim into paying a ransom for the threat actor's decryption code. As with any Hidden Tear variant, malware analysts advise having standard anti-malware protection for isolating and removing the ViiperWare Ransomware, and backups for safeguarding your files.
The Fanged Face of Incoming Computer Problems
Threat actors who have neither the time nor the talent for creating dedicated RaaS campaigns often prefer using freely available resources to develop minor variations of old Trojans, such as the global phenomenon that is Hidden Tear. The distribution exploits and strategies behind these threats can be as variable as the hands that operate them, as seen in the Italian-based The Magic Ransomware or the relatively generic ViiperWare Ransomware. The second of these two Trojans provides few details about its future campaign, and malware experts currently classify it as incomplete, though it needs little updating to become a data security hazard.
After its installation, the ViiperWare Ransomware searches for files according to both their formats and locations; currently, the threat actor has configured the Trojan to damage only content in a 'test' folder on the desktop. The ViiperWare Ransomware appends the '.viiper' extension to this media, in addition to encoding it with what malware experts estimate is a derivative of AES-based encryption. This attack blocks the target content from opening until the user decrypts it, which requires the custom code or key.
This first attack gives the victim no identifiable symptoms that might prompt attempts to terminate the ViiperWare Ransomware's process. However, the ViiperWare Ransomware does generate a pop-up message after the fact, using an HTML Application (HTA) file to deliver the ransom demands for the file-unlocking code. The snake-themed window gives a generic set of ransom instructions asking for the equivalent of twenty Euros (or roughly twenty-three USD), with embedded features for assisting with this payment.
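For scoping the damage before any restore, the '.viiper' extension described above is a usable indicator. The following Python script is an added example, not code from the original article or from any vendor tool; it lists every file carrying that extension, recovers the original file name, and uses byte entropy to tell content that looks encrypted from content that was only renamed. The entropy threshold, the sample size and the demo files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

LOCKED_EXT = ".viiper"    # extension the article says the Trojan appends
ENTROPY_THRESHOLD = 7.0   # assumed cut-off in bits/byte for "looks encrypted"
SAMPLE_BYTES = 65536      # assumed cap on bytes read per file

def shannon_entropy(data):
    """Bits of entropy per byte; values near 8.0 mean random-looking content."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def inventory_locked_files(root):
    """Walk root and describe every file that carries the appended extension."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(LOCKED_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable file: skip it rather than abort the triage
            entropy = shannon_entropy(sample)
            findings.append({"path": path, "original_name": name[:-len(LOCKED_EXT)],
                             "entropy": round(entropy, 2), "likely_encrypted": entropy >= ENTROPY_THRESHOLD})
    return sorted(findings, key=lambda f: f["path"])

def build_demo_tree(root):
    """Constructed sample data: random bytes stand in for ciphertext."""
    test_dir = os.path.join(root, "Desktop", "test")
    os.makedirs(test_dir)
    samples = {"report.docx.viiper": os.urandom(8192),
               "notes.txt.viiper": b"plain text, renamed only\n" * 50,
               "untouched.txt": b"not affected\n"}
    for name, content in samples.items():
        with open(os.path.join(test_dir, name), "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        print(*inventory_locked_files(tmp), sep="\n")
```

An entry with `likely_encrypted` set to `False` carries the extension but does not look like ciphertext, so it is worth a manual look before a backup copy is restored over it.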
Defanging a Common Predator of Files
As with many incomplete Trojans, the ViiperWare Ransomware's main limitation is the text field that sets which locations it scans and encodes. Its author could change this value readily and release a version of the ViiperWare Ransomware that could damage files anywhere on the victim's PC, including the operating system's directory or the directories of other, essential programs. However, malware researchers usually find these attacks targeting work-related media that would be most suitable for ransoming, such as documents, spreadsheets, slideshows, pictures, audio, and databases.
Depending on whether or not the ViiperWare Ransomware's author makes any further alterations to the Trojan's file-locking feature, any users with locked media may be able to decode and restore their files with help from appropriate, free decryption software. If freeware solutions prove incompatible, then only the presence of a backup dating to before the attack can help retrieve the data without paying. Whatever other steps the victim takes, malware analysts recommend removing the ViiperWare Ransomware with a professional anti-malware product that already is well-versed in detecting Hidden Tear's many variants.
Even the basest and most well-examined threats like Hidden Tear will continue spawning new versions until their victims provide reasons for the con artists to switch tactics. The ViiperWare Ransomware's ransoms are very far from being the most costly of those that malware experts are finding, but remain equally demonstrative of the fact that neglecting the security of your file storage comes with a regularly-renewed expense.