
Asasin Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 2
First Seen: October 11, 2017
Last Seen: January 27, 2019
OS(es) Affected: Windows

The Asasin Ransomware is an encryption ransomware Trojan. These threats are designed to encrypt the victims' data to demand a ransom payment. Threats like the Asasin Ransomware take the victim's files hostage by making them inaccessible. Then the victim is forced to pay a large ransom amount in exchange for the decryption key that is necessary to recover the files affected by the Asasin Ransomware attack.

The Asasin Ransomware Is the Latest Addition to the Locky Family

PC security researchers first observed the Asasin Ransomware on October 10, 2017. The Asasin Ransomware is one of the many variants in the Locky Ransomware family, which has been among the most active families of ransomware since May of 2016. There are numerous variants of Locky, and there is very little to differentiate the Asasin Ransomware from the various other Locky variants. Some ransomware Trojans are designed to attack businesses or Web servers, while others are designed to infect individuals. The Asasin Ransomware is designed to attack regular computer users and is delivered using spam email attachments and social engineering tactics.

How the Asasin Ransomware Infection Works

Like most ransomware, the Asasin Ransomware communicates with its Command and Control servers to deliver information about the victim's computer and receive configuration data. The Asasin Ransomware is implemented with several layers of obfuscation that are designed to make it difficult for PC security researchers to study its code effectively. The core of the attack is the use of a powerful encryption algorithm to encrypt the victim's files. The Asasin Ransomware renames each file it encrypts, replacing the file's name with random characters and adding the file extension '.asasin' to the end of the new name. The renamed files follow this model:

[8_RANDOM_CHARS]-[4_RANDOM_CHARS]-[4_RANDOM_CHARS]-[8_RANDOM_CHARS]-[12_RANDOM_CHARS].asasin

The Asasin Ransomware targets user-generated files and leaves the files that Windows requires to operate normally unaltered (these threats need the operating system to remain functional so that the victim can pay the ransom fee). Examples of the file types that are targeted by the Asasin Ransomware attack include:

.3g2, .3gp, .asf, .asx, .avi, .flv, .m2ts, .rm, .jpg, .tar.gz, .gif, .sqlite3, .html, .txt, .tar, .jpeg, .swf, .mkv, .mov, .vob, .png, .mp3, .pyc, .php, .log, .jar, .sh, .tiff, .mp4, .wmv, .docx, .mpg, .mpeg, .pdf, .rar, .zip, .7z, .exe, .c, .sql, .bak, .bundle, .cpp, .deb, .h.

The Asasin Ransomware seems to target computer users in Russia and Russian speaking geographical locations specifically. However, there is nothing that would prevent the Asasin Ransomware from spreading to computer users outside of this demographic.

The Asasin Ransomware’s Ransom Demands

The Asasin Ransomware delivers a ransom note after it finishes encrypting the files. The ransom message is contained in an image that replaces the victim's desktop background, as well as in an HTML file that is displayed in the infected computer's Web browser. The ransom note uses a red and black background and is contained in a file named 'asasin.htm' that is dropped in every directory where the Asasin Ransomware has encrypted data. The note threatens the victim and claims that the victim should install the TOR browser and email the crooks at 'documents@rightsignature.com' to pay the ransom amount necessary to restore the affected files.

Computer users who refrain from paying this ransom amount are choosing the right path. There is nothing that guarantees that the crooks will restore the victim's files. They are just as likely to ignore the victim's payment or ask for more money. Malware analysts advise the use of backups to restore any files affected by the Asasin Ransomware attack.
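The two file-system indicators described above, the renamed-file model and the 'asasin.htm' note, are enough to scope which directories were hit before restoring from backup. The following read-only triage script is an added example, not code from the original page; its function names are hypothetical, and it assumes the random characters in the rename model are ASCII letters or digits.

```python
import os
import re
import sys
from collections import Counter

# Rename model from the page: 8-4-4-8-12 random characters plus ".asasin".
# Assumption: the random characters are ASCII letters or digits.
_C = "[A-Za-z0-9]"
RENAMED = re.compile(
    rf"{_C}{{8}}-{_C}{{4}}-{_C}{{4}}-{_C}{{8}}-{_C}{{12}}\.asasin", re.IGNORECASE
)
NOTE_NAME = "asasin.htm"  # ransom note file name given on the page

# Constructed file names for illustration (not taken from a real incident).
SAMPLE = ["A1B2C3D4-E5F6-A7B8-C9D0E1F2-A3B4C5D6E7F8.asasin",
          "asasin.htm", "notes.asasin", "report.docx"]


def classify(filename):
    """Label one file name: 'encrypted', 'note', 'suspect' or None."""
    if filename.lower() == NOTE_NAME:
        return "note"
    if RENAMED.fullmatch(filename):
        return "encrypted"
    if filename.lower().endswith(".asasin"):
        return "suspect"  # right extension, but not the documented name model
    return None


def scan(root):
    """Return {directory: Counter of labels} for directories with any indicator."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        counts = Counter(filter(None, map(classify, files)))
        if counts:
            hits[dirpath] = counts
    return hits


def affected_dirs(root):
    """Directories holding both renamed files and the note (strongest signal)."""
    return sorted(d for d, c in scan(root).items() if c["encrypted"] and c["note"])


if __name__ == "__main__":
    if len(sys.argv) > 1:  # scan the directory given on the command line
        for directory, counts in sorted(scan(sys.argv[1]).items()):
            print(directory, dict(counts))
        print("confirmed:", affected_dirs(sys.argv[1]))
    else:  # no argument: show how the constructed names are labelled
        print({name: classify(name) for name in SAMPLE})
```

A directory that holds renamed files but no note, or a '.asasin' file that does not fit the name model, is reported separately so it can be reviewed by hand rather than silently counted as confirmed.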
