Cardsome Ransomware
Threat Scorecard
Threat Level: 20 % (Normal)
Infected Computers: 2
First Seen: September 4, 2022
Last Seen: December 27, 2022
OS(es) Affected: Windows
The Cardsome Ransomware is a screen locker Trojan. These Trojans block access to the victim's computer by displaying a full-screen message that the computer user can't bypass. Ransomware Trojans like the Cardsome Ransomware are not particularly difficult to remove or bypass. The Cardsome Ransomware pretends to carry out an encryption ransomware attack. Encryption ransomware Trojans are substantially more threatening: they use a strong encryption algorithm to make the victim's files inaccessible so that they can take them hostage. Unlike with screen lockers, once the victim's files have been blocked by an encryption ransomware Trojan, it often becomes impossible to restore access to the affected files. This is why many screen locker Trojans, including the Cardsome Ransomware itself, pose as encryption ransomware even though they are not able to carry out an encryption attack and leave the victim's files untouched. However, it is also possible that the Cardsome Ransomware may be modified in the future to enable it to carry out a full encryption attack, rather than being limited to locking the victim's screen.
What PC Users should Expect when Attacked by the Cardsome Ransomware
The Cardsome Ransomware was first observed on December 11, 2017. It features some data encryption capabilities in addition to displaying a lock screen on the victim's computer. The Cardsome Ransomware is designed to function as a screen locker, but the cybercrooks added an encryption component to force computer users into paying the ransom after an attack. The Cardsome Ransomware claims to target user-generated files, which include images, videos, texts, and other file types, and adds the file extension '.aes' to the affected files' names (possibly hinting that AES encryption was used to encrypt the victim's files). Ransomware Trojans may encrypt user-generated files while avoiding the Windows system files, since they need the affected computer to remain functional in order to display a ransom note and demand a ransom payment. Examples of file types that may be encrypted by these kinds of attacks are:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
In fact, the Cardsome Ransomware displays a ransom note on its lock screen that claims AES-128 encryption was used to make the victim's files inaccessible. The message displayed in the Cardsome Ransomware's ransom note reads:
'We have encrypted your whole file system with
AES-128 algorithm, to decrypt them manually
you will need 4,5 billion years.
You need to pay the ransom for us to give you
back access to your important files.'
Preventing Attacks from the Cardsome Ransomware and Similar Threats
It is difficult to know exactly what the Cardsome Ransomware is. The Cardsome Ransomware opens a program window named 'payments,' which asks victims to enter their credit card numbers and personal information, although it does not demand a specific ransom amount from the victim. This payment method is ineffective and somewhat puzzling, and it is clear that the Cardsome Ransomware's encryption routine is not fully implemented and, in many cases, not even functional. The most likely explanation is that the Cardsome Ransomware is still unfinished and that, at some point, its developers will release updated versions, which may clear up whether this threat is meant to be an encryption ransomware Trojan with a full attack.
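Because the encryption routine is often not functional, a responder can check whether files carrying the '.aes' extension were really encrypted or only renamed. The following triage script is an added example, not code from this page or from EnigmaSoft; the magic-byte list, the entropy thresholds and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Leading magic bytes of common user file formats (assumed, not exhaustive).
MAGIC = (b"%PDF-", b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"PK\x03\x04", b"\xd0\xcf\x11\xe0")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; output of a working cipher approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample_size: int = 65536) -> str:
    """Classify one file as 'intact', 'likely-encrypted' or 'inconclusive'."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if head.startswith(MAGIC):
        return "intact"              # original header survived: renamed only
    entropy = shannon_entropy(head)
    if head and entropy < 6.5:
        return "intact"              # readable text or structured data
    if len(head) >= 1024 and entropy > 7.5:
        return "likely-encrypted"    # no known header, near-random bytes
    return "inconclusive"            # empty, tiny or ambiguous: inspect by hand

def triage(root, ext: str = ".aes") -> dict:
    """Classify every file under root whose name ends with the appended extension."""
    base = Path(root)
    hits = (p for p in base.rglob("*") if p.is_file() and p.name.lower().endswith(ext))
    return {p.relative_to(base).as_posix(): classify(p) for p in hits}

def demo() -> dict:
    """Write constructed sample files to a temp directory and triage them."""
    samples = {
        "report.pdf.aes": b"%PDF-1.7\n" + b"constructed sample body\n" * 50,
        "notes.txt.aes": b"quarterly notes, constructed sample\n" * 100,
        "photo.jpg.aes": os.urandom(4096),   # stands in for real ciphertext
        "untouched.docx": b"PK\x03\x04" + b"\x00" * 64,
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            (Path(root) / name).write_bytes(body)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Files reported as 'intact' can usually be recovered by removing the appended extension; 'likely-encrypted' and 'inconclusive' files should be restored from backup or examined individually.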
URLs
Cardsome Ransomware may call the following URLs:
delas.live