Losers Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 46
First Seen: October 27, 2017
Last Seen: August 19, 2019
OS(es) Affected: Windows

The Losers Ransomware is an encryption ransomware Trojan that was first observed on October 26, 2017. The Losers Ransomware seems to be closely related to a previous ransomware Trojan known as Cry36 Ransomware. In fact, it seems that the Losers Ransomware is part of a ransomware family known as the Crypton Ransomware, which has been active for nearly a year at the time of writing this report. The Losers Ransomware is very similar to other variants in this family and differs only in the use of a new Command and Control server. The Losers Ransomware is mainly distributed through cracked software and pirated versions of the Windows operating system and other Microsoft software, which may be shared through peer-to-peer file sharing networks and various websites and platforms used to share this software. Because of this, it is important to avoid illegally copied or pirated software: besides being illegal, it carries a high risk of infecting a computer with threats like the Losers Ransomware.

The Consequences of a Losers Ransomware Infection

The Losers Ransomware, like other encryption ransomware Trojans, is designed to encrypt the victim's files. The Losers Ransomware and similar threats target user-generated files while avoiding the Windows system files, since the attackers need Windows to remain functional so that the victim can read the ransom note and pay the ransom. The file types targeted in attacks like the Losers Ransomware include:

.aif, .apk, .arj, .asp, .bat, .bin, .cab, .cda, .cer, .cfg, .cfm, .cpl, .css, .csv, .cur, .dat, .deb, .dmg, .dmp, .doc, .docx, .drv, .gif, .htm, .html, .icns, .iso, .jar, .jpeg, .jpg, .jsp, .log, .mid, .mp3, .mp4, .mpa, .odp, .ods, .odt, .ogg, .part, .pdf, .php, .pkg, .png, .ppt, .pptx, .psd, .rar, .rpm, .rss, .rtf, .sql, .svg, .tar.gz, .tex, .tif, .tiff, .toast, .txt, .vcd, .wav, .wks, .wma, .wpd, .wpl, .wps, .wsf, .xlr, .xls, .xlsx, .zip.

The Losers Ransomware marks the files encrypted by its attack by adding the file extension '.losers' to the end of each affected file name. Unfortunately, once the Losers Ransomware has encrypted a file, it becomes impossible to recover the affected file without the encryption key, which the con artists hold.

The Losers Ransomware's Ransom Note

After encrypting the victim's files, the Losers Ransomware delivers a ransom note, alerting the victims of the attack and asking for the payment of a ransom. The ransom note is delivered in a text file named 'HOWTODECRYPTFILES.txt,' which may be placed on the infected computer's desktop and in directories where the Losers Ransomware has encrypted data. In some of the Losers Ransomware variants, an HTML version of the ransom note may also be delivered to the victim. The full text of the Losers Ransomware ransom note reads:

'***ALL YOUR WORK AND PERSONAL RLES HAVE SEEN ENCRYPTED***
To decrypt your files you need to buy the special software. To recover data, follow the instructions! You can find out the details/ask questions in the chat:
https://[EDITED].onion.lo (not need Tor)
https://[EDITED].onion.cab (not need Tor)
https://[EDITED].onion.nu (not need Tor)
You ID: [8 RANDOM CHRACTERS]
[INSTRUCTIONS HOW TO INSTALL THE TOR BROWSER]
// If you have any problems Installing or using, please visit the video tutorial [LINK TO YOUTUBE]'

Computer users must refrain from contacting the people responsible for the Losers Ransomware or attempting to pay the Losers Ransomware ransom. Apart from allowing con artists to continue financing their operations, paying is also very unlikely to result in the return of the encrypted files. Instead, take preventive measures to ensure that you can recover your data after a Losers Ransomware attack. The best prevention in the case of the Losers Ransomware is to have a reliable anti-malware application that is fully up-to-date and to ensure that you also have file backups to help you recover your data.
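
When scoping an infection or deciding which backups to restore, the two file-system indicators described above (the '.losers' suffix and the 'HOWTODECRYPTFILES.txt' note) can be swept for with a short script. The following is an added example, not part of the original report; the function names and the sample tree are constructed, and treating the earliest modification time as a rough start of encryption assumes the timestamps were not reset.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_SUFFIX = ".losers"         # extension named on this page
NOTE_NAME = "howtodecryptfiles.txt"  # note file name from this page, lowercased

def scan_tree(root):
    """Walk root and collect the file-system indicators described above."""
    encrypted, notes, mtimes = [], [], []
    per_dir, original_types = Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
                per_dir[dirpath] += 1
                stem = name[:-len(ENCRYPTED_SUFFIX)]  # suffix is appended to the name
                original_types[os.path.splitext(stem)[1].lower() or "(none)"] += 1
                try:
                    mtimes.append(os.stat(path).st_mtime)
                except OSError:
                    pass  # unreadable or removed mid-scan; the hit is still recorded
    first = datetime.fromtimestamp(min(mtimes), timezone.utc).isoformat() if mtimes else None
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "dirs": per_dir.most_common(),      # directories ranked by encrypted-file count
        "original_types": dict(original_types),
        "earliest_mtime_utc": first,        # rough lower bound on when encryption began
    }

def build_sample_tree(root):
    """Constructed sample data: empty files using the names given on this page."""
    for rel in ("Desktop/HOWTODECRYPTFILES.txt", "Docs/HOWTODECRYPTFILES.txt",
                "Docs/report.docx.losers", "Docs/budget.xlsx.losers",
                "Docs/notes.txt", "Pics/cat.jpg.LOSERS"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_tree(tmp))
```

Directories that hold a ransom note but no '.losers' files, such as the desktop in the sample tree, still show the Trojan ran under that user profile and are worth including in the scope.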
