SkyName Ransomware
Threat Scorecard
Ranking: 16,965
Threat Level: 80 % (High)
Infected Computers: 27
First Seen: January 10, 2017
Last Seen: June 27, 2023
OS(es) Affected: Windows
The SkyName Ransomware is a ransomware Trojan that is being used to attack computer users. Like most encryption ransomware Trojans, the SkyName Ransomware is designed to encrypt victims' files and then demand the payment of a fee in exchange for the decryption key. Encryption ransomware Trojans like the SkyName Ransomware have increased in popularity in the last few years because the attack they carry out can be quite devastating. You can guard against SkyName Ransomware attacks by running a strong anti-malware program and keeping backups of all files, which minimizes the extent of the damage in the event of an infection.
The Inconsistency of the SkyName Ransomware
Reports of attacks involving the SkyName Ransomware first surfaced on January 10, 2017. PC security researchers observed that samples of the SkyName Ransomware were submitted to online anti-virus scanners. This is a common way for threat creators to test whether their threats can bypass commonly used anti-virus programs. The current version of the SkyName Ransomware can run on the victim's computer while avoiding detection by many anti-virus programs. The SkyName Ransomware is a variant in the HiddenTear family of threats, based on an open-source ransomware engine released to the public for 'educational purposes.' PC security analysts suspect that the SkyName Ransomware is still in the early stages of development.
Specific Aspects of the SkyName Ransomware Infection
Although the SkyName Ransomware carries out a typical encryption ransomware attack, several elements of the SkyName Ransomware seem incomplete. In a sense, the SkyName Ransomware seems almost to be a demonstration version, which has been observed in cases involving other threats. There is nothing about the SkyName Ransomware that is more advanced than other ransomware Trojans, and it lacks many of the more advanced features observed in these threats, such as communication over the Tor network. The encryption algorithm used by the SkyName Ransomware is also not particularly advanced (although this does not guarantee the eventual release of a decryption utility).
Although the SkyName Ransomware is not as advanced as many ransomware Trojans on the market, it does carry out an effective encryption attack, targeting numerous file types and encrypting the victim's files as long as they are smaller than 50 MB. The SkyName Ransomware does not mark the encrypted files in any way, whereas many other ransomware Trojans add a file extension to the affected files, making it obvious which files have been encrypted. However, the encrypted files will show up in Windows Explorer as blank icons, since Windows will be unable to recognize them and create a thumbnail.
Distribution and Targets of the SkyName Ransomware Trojan
The SkyName Ransomware seems to target computer users located in the Czech Republic. The SkyName Ransomware delivers its ransom note in an HTA pop-up message named 'Vase soubory byly zasifrovany tak, ze k nim nemate pristup', which in English means 'Your files are encrypted so that you do not have access to them.' Victims of the SkyName Ransomware attack are asked to purchase 1000 CZK (Czech Koruna) in Bitcoin, which is about 0.04 Bitcoin at the current exchange rate. Victims are asked to email jschweiz@protonmail.ch to confirm the payment. The ransom asked by the SkyName Ransomware is not particularly high compared to other ransomware Trojans. However, computer users should avoid paying the SkyName Ransomware ransom. When it comes to ransomware Trojans, paying the ransom does not guarantee that the decryption key necessary to restore the files will be delivered. The people responsible for the attack are just as likely to ignore the victim, ask for more money, or deliver a decryption key that does not work. Instead, PC security analysts strongly advise computer users to have backups of all files and a reliable security program that is fully up-to-date. This allows recovery by restoring the affected files from the backup.