
Styver Ransomware

By GoldSparrow in Ransomware

The Styver Ransomware is an encryption ransomware Trojan that was first observed on February 27, 2018. It is one of the many variants of HiddenTear that are being used to carry out attacks against computer users. You should take steps to protect your data from these threats, since the availability of new open source ransomware platforms and RaaS (Ransomware as a Service) offerings has meant a large increase in these infections being used to take advantage of gullible computer users.

How the Styver Ransomware Attacks a Computer

The Styver Ransomware is delivered to victims primarily through phishing emails, which often impersonate trusted sources such as Amazon or Facebook. These email messages may include a file attachment in the form of a DOCX file. These files use embedded macro scripts to download and install the Styver Ransomware onto the victim's computer. Due to the way these programs are set up, many anti-virus programs are not capable of intercepting the attack, although Windows User Account Control will often display a notification.

Once the Styver Ransomware has been downloaded, it scans the victim's files in search of user-generated files that match a list of file types in its configuration settings. Threats like the Styver Ransomware are designed to encrypt the victim's files in an attempt to receive a ransom payment in exchange for the decryption key. The Styver Ransomware avoids the Windows system files because it requires Windows to remain functional so that it can deliver its ransom note. The file types that are typically encrypted in attacks like the Styver Ransomware include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Styver Ransomware will mark the files it affects with the file extension '.styver' after encrypting them, making it simple to know which files have been encrypted by the Styver Ransomware attack.

The Styver Ransomware will deliver a ransom notification once the targeted files are encrypted. The ransom notification is quite short, only suggesting that the victim contact its admins via the email address associated with the Styver Ransomware attack. The Styver Ransomware delivers its ransom note in the form of a text file named 'HELP ME PLS.txt' that is dropped on the infected computer's desktop. The text of the Styver Ransomware ransom note reads:

'Hello. If you want to restore files, write me to styver.goodman@aol.com.
Your userkey:
[RANDOM CHARACTERS]'

Infected computer users shouldn't contact the people responsible for the Styver Ransomware attack. Instead, computer users should take preventive measures so that the affected files can be restored from a backup copy.
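The indicators described above (the '.styver' extension, the 'HELP ME PLS.txt' file name and the quoted note text) can be turned into a triage scan that shows how much of a directory tree was affected and which data types need restoring from backup. This is an added example, not code from the original article; the function names are hypothetical, the sample tree is constructed, and it assumes the extension is appended to the original file name.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".styver"        # extension named in the article
NOTE_NAME = "help me pls.txt"    # ransom note file name, compared in lower case
NOTE_MARKERS = ("styver.goodman@aol.com", "Your userkey:")  # from the quoted note

def note_matches(path, max_bytes=4096):
    """True only if a same-named file also carries the quoted note text."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(max_bytes)
    except OSError:
        return False
    return all(marker in text for marker in NOTE_MARKERS)

def scan_tree(root):
    """Collect marked files, confirmed ransom notes and the data types affected."""
    report = {"encrypted": [], "notes": [], "original_types": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                # Assumption: the marker is appended ("a.docx.styver" -> ".docx").
                stem = name[: -len(ENCRYPTED_EXT)]
                report["original_types"][os.path.splitext(stem)[1].lower() or "(unknown)"] += 1
            elif name.lower() == NOTE_NAME and note_matches(path):
                report["notes"].append(path)
    return report

def build_sample(root):
    """Write a constructed test tree (no real samples) under root."""
    files = {
        "Documents/budget.xlsx.styver": "constructed ciphertext",
        "Documents/thesis.DOCX.STYVER": "constructed ciphertext",
        "Desktop/HELP ME PLS.txt": "write me to styver.goodman@aol.com.\nYour userkey:\nCONSTRUCTED\n",
        "Other/help me pls.txt": "shopping list",  # same name, unrelated content
    }
    for rel, body in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_tree(tmp))
```

The per-type counts in `original_types` give a quick list of what to verify in the backup set before restoring.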

Protecting Your Data from the Styver Ransomware

The best protection against the Styver Ransomware and similar threats is having file backups stored in secure places. Having file backups means that computer users will have no need to consider interacting with the cybercrooks. Apart from file backups, a security suite that is fully up-to-date should be used at all times to intercept these attacks, as well as to remove the Styver Ransomware Trojan itself in the event of an infection.
