
VINDOWS DEFENDOR Ransomware

Posted: June 26, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 225
First Seen: June 26, 2017
Last Seen: September 27, 2022
OS(es) Affected: Windows

The VINDOWS DEFENDOR Ransomware is a variant of the Levis Locker Ransomware, and, like it, blocks your desktop by displaying a pop-up showing its ransoming demands. This version of the threat also includes full data-encrypting features that could damage various formats of data, making them unreadable. Use anti-malware products to protect your PC or remove the VINDOWS DEFENDOR Ransomware, and backups or free decryptors to restore your files.

Trojans Throwing Your Whole PC into Its Own Recycle Bin

In late 2016, malware experts started confirming attacks from a new, screen-locking threat that also appeared to demonstrate a potential for encoding local data: the Levis Locker Ransomware. Months afterward, they are finally seeing a new evolution of its campaign in the VINDOWS DEFENDOR Ransomware. Its threat actors seem to have finished expanding the payload to encrypt files although, as in previous attacks, the VINDOWS DEFENDOR Ransomware's dominating symptom is the pop-up it uses to hijack your screen.

While it encrypts the local media, the VINDOWS DEFENDOR Ransomware displays no user interface or other visible symptoms to the user. The Trojan is most likely to damage files of widely used formats, such as BMP, JPG, DOC, TXT, RAR, ZIP or XLS. Malware experts are estimating that the VINDOWS DEFENDOR Ransomware is using asymmetric AES and RSA algorithms in conjunction. Unless they find new glitches in its code, this encryption method will both prevent you from opening your files and erect a barrier to decrypting them through third-party software.

The VINDOWS DEFENDOR Ransomware shows its ransoming demands, and fake warnings about illicit Web-browsing activities, through a pop-up window, instead of a traditional TXT or HTML file. This window only shows minor modifications from the old Levis Locker Ransomware and still asks for payment through MoneyPak before unlocking your media. The Trojan also claims to delete the contents of your PC once its time limit reaches zero, although this feature may not necessarily be active.

Defending Windows from a Potentially Explosive Timer

The VINDOWS DEFENDOR Ransomware's social engineering techniques retain the amateurish wording and formatting of its old version, and any victims familiar with the English language or Windows OS are unlikely to believe its assertions. However, the VINDOWS DEFENDOR Ransomware does block access to both the desktop and various files on your PC and may damage the latter permanently. Additionally, since its threat actor may not provide a decryption key or code for unlocking the screen, paying the Trojan's ransom is a highly risky gamble.

The VINDOWS DEFENDOR Ransomware is a Windows-based threat, and that OS comes equipped with security features for disabling invasive startup processes, including Trojans. Most low-level threats are unable to load from Safe Mode automatically. Unfortunately, malware experts can't provide any help on decrypting anything that this Trojan locks currently, which heightens the value of having preexisting and, preferably, non-local backups. On the other hand, anti-malware programs also should detect and remove the VINDOWS DEFENDOR Ransomware without incident.

Between memes, questionable language translation tools, threats to the PC and a variety of data-blocking features, the VINDOWS DEFENDOR Ransomware offers a childish payload with a lot to analyze. Threat actors don't need to be seasoned or sophisticated to threaten what's on your computer, as the value of having backups only climbs a little more every day.
