Wisperado@india.com Ransomware
Posted: February 24, 2017
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 11 |
| First Seen: | February 24, 2017 |
| OS(es) Affected: | Windows |
The 'wisperado@india.com' Ransomware is a variant of the Dharma Ransomware, a file-encrypting Trojan that leaves ransoming messages on the victim's PC after locking any files. Since the 'wisperado@india.com' Ransomware's encryption attacks aren't reversible without access to the decryption data held by its threat actor, you should prevent a hostage situation by keeping backups dated from before the infection. Standard anti-malware products may also detect and delete the 'wisperado@india.com' Ransomware at any of several infection vectors, such as spam e-mails.
Just a New Wisp of Trouble for Your Files
The Dharma Ransomware branch of the CrySiS-based Trojan family is maintaining its heavy-proliferation reputation with new releases. Malware experts have not yet confirmed whether some of these latest threats, such as the 'wisperado@india.com' Ransomware, are from brand-new threat actors or merely previously-active ones changing communication infrastructures. The risk to the victim's files remains consistent, with an encryption-based payload that requires help from the Trojan's author to revert.
The 'wisperado@india.com' Ransomware blocks media including documents, pictures, and spreadsheets by encrypting each file individually via an AES or Rijndael algorithm. The 'wisperado@india.com' Ransomware can compromise network-accessible drives, in addition to local ones, although the operating system and other installed programs should be unaffected. The 'wisperado@india.com' Ransomware appends the unique '.viper1' and '.viper2' extensions to the names of the files it encrypts, in addition to inserting its e-mail address for the ensuing ransom negotiations.
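As an added example (not part of the original article or any vendor tool), the two filename indicators described above, the '.viper1'/'.viper2' extensions and the embedded e-mail address, can drive a quick triage pass over a file listing to see which folders and shares were hit. The bracketed name layout in the sample paths and the function names are assumptions, and the sample listing is constructed.

```python
import os
from collections import Counter
from pathlib import PureWindowsPath

# Indicators stated in the article.
EXTENSIONS = (".viper1", ".viper2")
CONTACT = "wisperado@india.com"

def match_indicators(filename):
    """Return the set of article indicators present in one file name."""
    lowered = filename.lower()
    hits = set()
    if lowered.endswith(EXTENSIONS):
        hits.add("extension")
    if CONTACT in lowered:
        hits.add("contact")
    return hits

def triage(paths):
    """Count matching files per directory; 'strong' means both indicators."""
    strong, weak = Counter(), Counter()
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any analysis host
        hits = match_indicators(p.name)
        if len(hits) == 2:
            strong[str(p.parent)] += 1
        elif hits:
            weak[str(p.parent)] += 1  # one indicator only: review by hand
    return strong, weak

def walk(root):
    """Yield every file path under root, e.g. a mounted copy of a volume."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)

# Constructed sample listing; the exact name layout is an assumption.
SAMPLE = [
    r"C:\Users\ana\Documents\budget.xlsx.[wisperado@india.com].viper1",
    r"C:\Users\ana\Documents\notes.docx.[WISPERADO@india.com].viper2",
    r"\\fileserver\share\plan.pdf.[wisperado@india.com].viper1",
    r"C:\Users\ana\Documents\snake.viper1",   # extension only: weak match
    r"C:\Users\ana\Pictures\holiday.jpg",     # untouched file
]

if __name__ == "__main__":
    strong, weak = triage(SAMPLE)
    for label, counts in (("strong", strong), ("weak", weak)):
        for folder, count in counts.most_common():
            print(f"{count:4d} {label:6s} {folder}")
```

Passing `walk(root)` to `triage` instead of `SAMPLE` runs the same check against a mounted copy of an affected volume; the per-directory counts show which local folders and network shares need restoring from backup.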
After the media encoding, the 'wisperado@india.com' Ransomware issues a hidden command for erasing any Shadow Copy backups (which could restore the encrypted files) and drops messages demanding ransom payments. Malware experts always see this family of Trojans using multiple formats for the latter, including JPG images, local Web pages and Notepad text. In nearly all cases, threat actors leveraging the 'wisperado@india.com' Ransomware and other file-enciphering Trojans will ask for the ransom through a method that doesn't provide refunds, such as a cryptocurrency.
The Digital Antitoxin for a Trojan's Snakebite
Since CrySiS kit-made Trojans are the creations of different sets of threat actors, their distribution methods and intended targets will differ from campaign to campaign. Malware experts estimate that the 'wisperado@india.com' Ransomware is currently likely to attack business networks and servers with vulnerable RDP settings or poor e-mail security protocols, both of which offer potential infection vectors. Installers for the 'wisperado@india.com' Ransomware may disguise themselves to look like safe documents from an internal department or a shipping company.
The anti-malware industry has yet to develop a decryptor applicable to most versions of the CrySiS Trojans, which include the Dharma Ransomware and its February variant, the 'wisperado@india.com' Ransomware. At the same time, making a ransom payment may or may not give you access to a decryptor, depending on the individual generosity of the con artist in question. Use backups and store them in locations that cannot be erased or encrypted to keep the 'wisperado@india.com' Ransomware from causing permanent harm to your files.
Typically, waiting until you see the symptoms of a Trojan's file encryption results in the loss of money, file data or both. Take appropriate data redundancy-oriented precautions and use your anti-malware protection to catch the 'wisperado@india.com' Ransomware before it can cause issues that are not easily remedied.