Schwerer Ransomware Description
The Schwerer Ransomware Trojan falls in the category of crypto-threats. The Schwerer File Encoder Trojan is designed to invade systems, lock content on local disks and removable drives connected to the machine, and present the compromised user with a ransom note offering a decryptor in exchange for 150 EUR/161 USD paid in Bitcoin. The Schwerer Ransomware belongs to the mid-tier section of the crypto-threat market, and its structure resembles that of the CryptoWire Ransomware and the UltraLocker Ransomware, since they are written using the AutoIt programming language. The threat at hand appears to be aimed at English-speaking users, despite a name that some may associate with Germany. It is possible that a native German speaker created the Schwerer Ransomware Trojan. However, the threat may invade computers in Eastern Europe, Central Asia and North America as well.
The Schwerer Ransomware Is Designed to Perform a Blitzkrieg-Style Attack
The Schwerer Ransomware is named after the program window shown to users after the Trojan has finished its work. Compromised users are shown a window named 'Schwerer', which acts as the ransom notification. By the time the 'Schwerer' message appears, it is already too late to limit the damage. The Schwerer Ransomware is designed to perform a blitzkrieg-style attack in which the encryption process takes place in the background, and the threat locks only a limited number of data formats to minimize the chances that it is detected and deleted. The threat may encipher user-generated content like photos, family videos, music, presentations, spreadsheets, media projects on Adobe Photoshop, eBooks and text documents. Cyber security analysts reported that the Schwerer Ransomware is known to create the following files and directories:
- "C:\Documents and Settings\
- "C:\Documents and Settings\
The threat is reported to add a Registry key in Windows:
As stated above, the Schwerer Ransomware is written using the AutoIt programming language, and that enables it to access resources from the Microsoft .NET Framework on Windows 10, 8.1 and 7. That way, the threat can run via a small file and use legitimate resources without triggering security alerts. The ransom message provided with the 'Schwerer' window reads:
'All your computer file were encrypted with AES, only we can restore your files.
How to restore files :
Files encrypted : [NUMBER OF LOCKED FILES]
1. Send email to firstname.lastname@example.org containing your personal identifier (it is below)
2. We will send you a Bitcoin address, you must send 150€ to it within 3 days.
IF YOU DO NOT UNDERSTAND BITCOIN EMAIL WILL CONTAIN INFORMATIONS
3. Once full amount is sent you email us again. (make sure to contain key)
A. We will send you key and you will paste into textbox below, that will restore files.
Your Identifier: [43 RANDOM CHARACTERS]
Restore key: [TEXT BOX]'
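Because the threat is an AutoIt-compiled executable, a quick triage step is to check whether an unknown PE file carries the script marker that the AutoIt compiler embeds. The sketch below is an added example, not code from the researchers cited here; the marker strings are general knowledge about AutoIt-compiled binaries rather than indicators from this article, and the sample names and buffers are constructed.

```python
import struct

# Markers the AutoIt3 compiler places ahead of the packed script. General
# knowledge about AutoIt-compiled binaries, not indicators from this page.
AUTOIT_MARKERS = (b"AU3!EA06", b"AU3!EA05")

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def autoit_hits(data: bytes) -> list:
    """Return sorted (offset, marker) pairs for AutoIt markers in a PE image."""
    if not is_pe(data):
        return []
    hits = []
    for marker in AUTOIT_MARKERS:
        pos = data.find(marker)
        while pos != -1:
            hits.append((pos, marker.decode()))
            pos = data.find(marker, pos + 1)
    return sorted(hits)

def triage(samples: dict) -> dict:
    """Map each sample name to 'autoit-compiled', 'pe' or 'not-pe'."""
    def verdict(data):
        if not is_pe(data):
            return "not-pe"
        return "autoit-compiled" if autoit_hits(data) else "pe"
    return {name: verdict(data) for name, data in samples.items()}

def fake_pe(payload: bytes) -> bytes:
    """Constructed minimal MZ/PE stub for the demo; not a real executable."""
    header = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    return header + b"\0" * 32 + payload

# Constructed sample buffers with hypothetical names (no real malware bytes).
SAMPLES = {
    "invoice_viewer.exe": fake_pe(b"junk" + b"AU3!EA06" + b"\x11" * 16),
    "native_tool.exe": fake_pe(b"plain native code"),
    "readme.txt": b"AU3!EA06 mentioned in a text file",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name}: {verdict}")
```

AutoIt is also used for legitimate automation, so a hit only says the file deserves a closer look, and a packer can hide the marker, so a miss proves nothing.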
There is a Decryptor for the Initial Release of the Schwerer Ransomware
As of writing this article, a free decryptor has been compiled by a researcher named Jiri Kropac and provided on the Internet. PC users who are infected with the Schwerer Ransomware may want to load their favorite search service and seek the decryption software by Jiri Kropac. You should note that the authors of the Schwerer Ransomware are likely to see the news regarding their product and issue an update. It is a smart move to add a reputable anti-malware shield and a backup manager to your system to block connections to pages and documents associated with the Schwerer Ransomware. A decent backup manager should allow you to protect your files and export a backup to an external drive for maximum security. AV scanners may tag the objects used by the Schwerer Ransomware as:
- Trojan.Generic.21128650 (B)