Runsomewere Ransomware
Threat Scorecard
Threat Level: 80 % (High)
Infected Computers: 1
First Seen: November 28, 2016
Last Seen: April 3, 2020
OS(es) Affected: Windows
The Runsomewere Ransomware is an encryption ransomware Trojan that is based on the infamous Hidden Tear project, an open source 'educational' ransomware engine that spawned a large number of ransomware attacks. If the Runsomewere Ransomware managed to encrypt your files, you can restore them from a backup and remove the Runsomewere Ransomware completely. The Runsomewere Ransomware carries out a typical encryption ransomware attack, encrypting the victim's files and then asking for the payment of a ransom.
The Devastating Effects of the Hidden Tear Project Release
The Hidden Tear project, released publicly by Utku Sen, was ultimately a catastrophic event for malware researchers since it spawned countless encryption Trojans that were released in 2016. Because a ransomware engine as powerful as Hidden Tear was made publicly available, con artists without the necessary resources or technical expertise could now access powerful threats and create countless threat variants like the Runsomewere Ransomware. The Runsomewere Ransomware is currently being distributed using corrupted spam email messages. These corrupted spam email messages may use social engineering tactics to convince computer users to download and run an attached file. For example, the email may appear to have been sent by a social media platform like Instagram, a bank, or a delivery company like FedEx or DHL. The attached file will exploit vulnerabilities in software, such as a poorly implemented macro functionality, to download and install the Runsomewere Ransomware or other threats on the victim's computer.
How the Runsomewere Ransomware Attack Works
The Runsomewere Ransomware receives its name from a line of code in its executable file. It is possible that it is simply a misspelling of the words 'Runsomewhere,' or 'run somewhere.' The Runsomewere Ransomware infection changes the victim's Desktop image to a picture of the iconic doll from the Jigsaw films. However, this does not mean that there is a connection between the Runsomewere Ransomware and the Jigsaw Ransomware infection that was first observed in early 2016. Like most ransomware Trojans being distributed at the same time in November, the Runsomewere Ransomware uses AES-256 encryption to make the victim's files inaccessible, targeting files in the default user library, in the following directories:
%UserProfile%\Desktop
%UserProfile%\Downloads
%UserProfile%\Documents
%UserProfile%\Pictures
%UserProfile%\Music
%UserProfile%\Videos
The Runsomewere Ransomware will try to encrypt certain file types, targeting spreadsheets, text documents, eBooks, audio files, videos, images, and other files that could have value to the computer user. In the Runsomewere Ransomware attack, the following file types will become encrypted and will no longer be able to be accessed on the victim's computer:
.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.
The Payment of a Ransom is Never Recommended
Although the people responsible for the Runsomewere Ransomware claim that they can decrypt your files if you pay a ransom, PC security analysts strongly advise against paying the Runsomewere Ransomware's ransom. Paying these ransoms allows con artists to continue creating and distributing these threats. In many cases, con artists will not deliver the decryption utility after the victim has paid. They are equally likely to ignore the victim, ask for more money, or simply deliver a decryption key that does not work. Because of this, preventive measures should be taken. The best way to prevent the Runsomewere Ransomware attacks and ensure that you can recover quickly is to have backups of all files and update these backups regularly.
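To act on the backup advice, the following added example (not part of the original write-up or any EnigmaSoft tool) checks whether the files this threat would target have a current backup copy. It uses the directories and extensions listed above; the function name audit_backup and the assumption that the backup folder mirrors the profile layout are hypothetical choices made for the example.

```python
import os
from pathlib import Path

# Folders under the user profile that the write-up lists as targeted.
TARGET_DIRS = ("Desktop", "Downloads", "Documents", "Pictures", "Music", "Videos")

# Extensions from the list above, lower-cased, without the dot, duplicates dropped.
TARGET_EXTS = set("""
3gp 7z apk avi bmp cdr cer chm conf css csv dat db dbf djvu dbx docm doc epub
docx fb2 flv gif gz iso ibooks jpeg jpg key mdb md2 mdf mht mobi mhtm mkv mov
mp3 mp4 mpg mpeg pict pdf pps pkg png ppt pptx ppsx psd rar rtf scr swf sav
tiff tif tbl torrent txt vsd wmv xls xlsx xps xml ckp zip java py asm c cpp cs
js php dacpac rbw rb mrg dcx db3 sql sqlite3 sqlite sqlitedb psp pdb dxf dwg
drw casb ccp cal cmx cr2
""".split())


def audit_backup(profile, backup_root):
    """Return (missing, stale): at-risk files with no backup copy, or an older one.

    Assumes backup_root mirrors the profile layout (backup_root/Documents/...).
    """
    profile, backup_root = Path(profile), Path(backup_root)
    missing, stale = [], []
    for folder in TARGET_DIRS:
        # os.walk yields nothing for a folder that does not exist.
        for dirpath, _dirs, files in os.walk(profile / folder):
            for name in files:
                live = Path(dirpath) / name
                if live.suffix.lower().lstrip(".") not in TARGET_EXTS:
                    continue
                rel = live.relative_to(profile)
                copy = backup_root / rel
                if not copy.is_file():
                    missing.append(rel.as_posix())
                elif copy.stat().st_mtime < live.stat().st_mtime:
                    stale.append(rel.as_posix())
    return sorted(missing), sorted(stale)


if __name__ == "__main__":
    import sys
    # Usage: python audit_backup.py <backup_root>  (profile defaults to the home dir)
    missing, stale = audit_backup(Path.home(), sys.argv[1])
    for label, paths in (("NO BACKUP", missing), ("STALE BACKUP", stale)):
        for p in paths:
            print(f"{label}: {p}")
```

Files reported as missing or stale are the ones that could not be fully restored after an encryption attack, so they are the first candidates for the next backup run.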