Wyvern Ransomware

Posted: September 22, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 117
First Seen: September 22, 2017
Last Seen: August 24, 2020
OS(es) Affected: Windows

The Wyvern Ransomware is a Trojan that encrypts your media to collect ransom money by offering to sell you the decryption tool's services. This threat is an affiliate of the so-called Blank Slate campaign, and its installer may arrive as an attachment to a blank email message that's using a fake sender address. Victims should use anti-malware tools to block or remove the Wyvern Ransomware while giving it as little access to their files as possible and recover any damaged content through previous backups.

A New Predator's Silhouette Shadowing Your Files

The BTCWare Ransomware group appears to have either a new member or a close copycat, as malware experts and other PC security industry researchers confirm the new distribution of a Trojan sharing most of that family's symptoms. This Trojan, the Wyvern Ransomware, also is a likely candidate for distribution under the RaaS model, which lets a second threat actor handle how it circulates and which address collects the ransom money. Although its name is new, the Wyvern Ransomware conducts the same attacks: after it succeeds at locking content with encryption, it uses elaborate pop-ups for extortion.

Standard operations for the Wyvern Ransomware's family use AES-based encryption for locking files that can include text documents, pictures and other data types. The key needed to decode and unlock this data is itself locked with a second, usually RSA-derived cipher. Along with gaining the new '.wyvern' pseudo-extension, these files also have their names changed to include an email address and a custom ID. While malware experts see no symptoms associated directly with the file-blocking feature, after it finishes, the Wyvern Ransomware does launch a pop-up.
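As an added example (not code from the original article or from the malware), the following Python helper triages a directory listing for the rename pattern described above, pulling out the original file name, the contact email and the custom ID so an incident responder can count affected files and group them by the address the attacker left. The article does not give the exact layout, so the layout `<name>.[<email>].<ID>.wyvern` and the sample file names are assumptions.

```python
import re
from collections import Counter
from typing import Optional

# Rename pattern for the renamed files. The exact layout used by BTCWare
# variants is not stated in the article; "<original>.[<email>].<ID>.wyvern"
# is an assumed layout, with the ID treated as optional.
WYVERN_NAME = re.compile(
    r"^(?P<original>.+?)"
    r"\.\[(?P<email>[^\]@\s]+@[^\]\s]+)\]"
    r"(?:\.(?P<id>[A-Za-z0-9-]+))?"
    r"\.wyvern$",
    re.IGNORECASE,
)


def parse_wyvern_name(name: str) -> Optional[dict]:
    """Return {'original', 'email', 'id'} for a renamed file, or None if it does not match."""
    m = WYVERN_NAME.match(name)
    return m.groupdict() if m else None


def triage_listing(names):
    """Summarise a listing: how many files were renamed, their original names,
    the contact emails seen (with counts) and the distinct victim IDs."""
    hits = [p for p in (parse_wyvern_name(n) for n in names) if p]
    return {
        "encrypted_count": len(hits),
        "originals": [h["original"] for h in hits],
        "emails": Counter(h["email"] for h in hits),
        "ids": sorted({h["id"] for h in hits if h["id"]}),
    }


# Constructed sample listing (not real indicators): two renamed files, one
# untouched file, and one decoy whose name merely contains "wyvern".
SAMPLE_LISTING = [
    "Q3-report.docx.[contact@example.invalid].A1B2C3D4.wyvern",
    "family.jpg.[contact@example.invalid].A1B2C3D4.wyvern",
    "notes.txt",
    "wyvern-lore.txt",
]

if __name__ == "__main__":
    print(triage_listing(SAMPLE_LISTING))
```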

This window delivers ransom instructions that ask the victim to pay in Bitcoins in exchange for access to a decryption tool that's compatible with their locked files. Some versions of the BTCWare Ransomware can be unlocked by free, third-party software, and malware experts recommend trying those solutions before considering alternatives. Users also should keep backups of their most valuable or vulnerable types of media, such as workplace documents and records.

Shooting the Wyvern Ransomware out of the Sky

The Wyvern Ransomware's name is a reference to a variant of the mythical dragon, and, just like that winged reptile, it seems to be a small variation on a preexisting threat that's larger than itself. This Trojan currently uses the infection vectors of the Blank Slate campaign, which is also responsible for both the Cerber Ransomware and the '.locky File Extension' Ransomware, to compromise Windows PCs. The botnet-based email uses spoofed sender addresses and blank (content-free) messages that carry attachments for installing the Wyvern Ransomware and similar threats. In most circumstances, malware experts find that the user would have to ignore or disable multiple security warnings to trigger the Trojan downloader.

Like the majority of Trojans with file-locking behavior, the Wyvern Ransomware can cause permanent damage to any media that it encodes. Most users should practice proactive security steps that could eliminate this threat before it can encrypt the contents of their PCs, such as scanning new downloads with anti-virus software, disabling in-document macros, and confirming the identity of senders before trusting email attachments. Professional anti-malware programs can detect and delete the Wyvern Ransomware, like any BTCWare Ransomware update, as a threat to your PC.

The absence of any social engineering in the Wyvern Ransomware's delivery mechanism is an unfortunate sign that the Blank Slate campaign is sustaining its rate of infections. Arguably, any PC users who reward attackers by manually disabling vital security features deserve nothing less than the expensive consequences that the Wyvern Ransomware can inflict on them.