
'' Ransomware

Malware experts have warned about a new ransomware threat that is being freely distributed online. Its name is ‘’ Ransomware, and it appears to be yet another variant of the infamous GlobeImposter Ransomware. The entry barrier for ransomware creation and propagation is rather low. Cyber crooks do not necessarily need to create a data-locking Trojan from scratch; instead, they can reuse the readily available code of existing threats of this type or simply use a ransomware builder kit. This allows malicious actors with little to no experience to build and distribute ransomware threats.

Propagation and Encryption

It has not yet been revealed what propagation methods are employed in the spreading of the ‘’ Ransomware. The most popular infection vector is spam emails. Cybercriminals tend to devise a fraudulent message using various social engineering techniques, whose end goal is to trick the user into opening the attached file. Usually, the attachment is macro-laced, and once it is launched, it infects the targeted host. Authors of ransomware also tend to utilize torrent trackers, bogus pirated media and applications, fake software downloads and updates, and other propagation tools to spread their corrupted file-encrypting Trojans. Once the ‘’ Ransomware is present on the system, it will scan the user's files and then begin the encryption process. When the ‘’ Ransomware applies its encryption algorithm and locks a file, it will also alter the file's name. The extension that this data-locking Trojan appends to the affected files is ‘’. Therefore, a file that was named ‘snow.jpeg’ before the attack will be renamed to ‘’ when the encryption process has been completed.

The Ransom Note

In the next part of the attack, the authors of the ‘’ Ransomware deliver their ransom message in a file named ‘HOW_RECOVER.html.’ The note tells PC users that their files have been encrypted and provides instructions that are meant to help them recover their data. The attackers state that the user needs to send them one encrypted file, which they will decrypt for free, after which they will tell the victim the price to be paid for the decryption key. Unlocking one or several files for free is a common technique used by authors of ransomware threats. It serves to prove to the victim that the attackers are capable of reversing the damage that they have done to the user’s data. The email used for communicating with the attackers is ‘’.
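The two on-disk indicators described above (the 'HOW_RECOVER.html' note and a suffix appended after the original file type) can be checked during triage with the following added example, which is not part of the original article. The appended extension is not given on this page, so the script infers it from the files it finds; KNOWN_TYPES, the sample folder names and the '.locked-example' extension are assumptions constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

NOTE_NAME = "HOW_RECOVER.html"  # ransom note file name given in the article
# Assumption: file types a user would normally have; extend for your environment.
KNOWN_TYPES = {".jpeg", ".jpg", ".png", ".pdf", ".docx", ".xlsx", ".txt"}


def appended_extension(name):
    """Return the extra suffix of 'snow.jpeg.<ext>'-style names, else None."""
    suffixes = Path(name).suffixes
    if len(suffixes) >= 2 and suffixes[-2].lower() in KNOWN_TYPES:
        return suffixes[-1].lower()
    return None


def triage(root):
    """Map each directory holding a ransom note to a Counter of appended extensions."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if NOTE_NAME.lower() not in (f.lower() for f in files):
            continue  # no note here, so renamed-looking files are not counted
        counts = Counter()
        for f in files:
            ext = appended_extension(f)
            if ext:
                counts[ext] += 1
        findings[dirpath] = counts
    return findings


def build_sample(root):
    """Constructed sample tree; '.locked-example' is a placeholder extension."""
    hit, clean = Path(root, "Pictures"), Path(root, "Music")
    hit.mkdir()
    clean.mkdir()
    for n in ("snow.jpeg.locked-example", "cv.pdf.locked-example", NOTE_NAME, "todo.txt"):
        (hit / n).touch()
    (clean / "song.mp3").touch()
    return str(hit)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for directory, exts in triage(tmp).items():
            print(directory, dict(exts))
```

A directory where the note is present and one suffix dominates the tally marks the scope of affected data to compare against backups.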

We would advise you to avoid getting in touch with cyber crooks like the actors behind the ‘’ Ransomware. The cybercriminals may not hold up their end of the bargain even if you pay the ransom fee demanded. This is why you should consider obtaining a reputable anti-virus solution that will not only remove the ‘’ Ransomware safely from your computer but will also go a long way toward protecting your system from issues in the future.

