SureRansom Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 26
First Seen: February 2, 2017
Last Seen: June 16, 2022
OS(es) Affected: Windows

The SureRansom Ransomware is a threat that currently appears to be a work in progress. Samples uncovered by malware analysts show that the SureRansom Ransomware attempts to combine the functions of an encryption Trojan with those of a banking Trojan: besides automatically charging 50 pounds to the victim's accounts for its decryption 'service,' it also attempts to collect login information for online banking websites. PC security analysts have observed a version of the SureRansom Ransomware in development, contained in executable files named either 'SureRansom.exe' or 'Sure.exe,' both of which are used in the SureRansom Ransomware attacks. The threat is clearly still in the early stages of development. In its current form, the SureRansom Ransomware is not capable of encrypting the victims' data, and because of this limited functionality it is currently classified as a lock screen Trojan.

You Can Be Sure that the SureRansom Ransomware Will Cause a Lot of Harm

Although the SureRansom Ransomware is not capable of encrypting victims' files yet, it does display a lock screen that prevents computer users from accessing their data. The SureRansom Ransomware can display one of two different messages on the victim's computer. The following are the two messages that have been associated with the SureRansom Ransomware attack in its current form:

'Hard Drive Encrypted
your Files have been encrypted with AES-256 and cannot be
recovered without the key
To purchase the key click the link below
Purchase key (£50)'

and

'Confirm payment
Using stored passwords, £50 will be charged to one of your accounts
Purchase Key (£50)
I don't want my data'

The SureRansom Ransomware's lock screen prevents computer users from accessing their Desktops, as well as other important tools such as the Task Manager and the Registry Editor. The lock screen can be bypassed by starting up Windows in Safe Mode or with some other alternate boot method. Computer users receive the second message after they click the 'Purchase key (£50)' link, which attempts to charge the payment amount to the victim's online banking accounts automatically. This payment method has not been observed in other ransomware Trojans before.

Dealing with the SureRansom Ransomware Infection

The SureRansom Ransomware may not be working as planned. Whenever the victim's computer starts up, the SureRansom Ransomware displays its lock screen and, in the SureRansom Ransomware's current iteration, the automatic payment mechanism does not function. It is unlikely that the SureRansom Ransomware will overtake other, more common ransomware Trojans, but it is certainly interesting that con artists are attempting this tactic as a way to generate profits at the expense of computer users. Today, it is more necessary than ever that computer users take steps to protect their machines from threats like the SureRansom Ransomware.

To protect your computer from the SureRansom Ransomware attack, you should have backups of all of your files (especially if the SureRansom Ransomware's encryption capability is implemented in a future iteration of this threat). It is also essential to have a reliable security program that is fully up-to-date to help remove the SureRansom Ransomware threat itself. Fortunately, in its current form, the SureRansom Ransomware's lock screen can be skipped easily by starting up Windows in Safe Mode. This will restore access to the infected computer. Once access is restored, computer users are advised to use a reliable security program to remove the SureRansom Ransomware itself.
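
Once Safe Mode has restored access, the autostart locations can be checked for the two file names given above. The PowerShell below is an added example, not part of the original entry or of any security product; the page does not say how the threat starts with Windows, so the Run keys and Startup folders it inspects are an assumption, and `Test-SuspectCommand` is a hypothetical helper name.

```powershell
# Added example: read-only triage for the two file names the page lists.
# The autostart locations are an assumption; the page names no mechanism.
$Names = @('SureRansom.exe', 'Sure.exe')

function Test-SuspectCommand {
    param([string]$Command)
    foreach ($n in $Names) {
        # Whole file name only, so "Insure.exe" does not count as a hit.
        $pattern = '(^|[\\/"\s])' + [regex]::Escape($n) + '($|["\s])'
        if ($Command -match $pattern) { return $true }
    }
    return $false
}

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$StartupDirs = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }

$hits = @()
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if (Test-SuspectCommand $data) {
            $hits += [pscustomobject]@{ Location = $key; Entry = $valueName; Target = $data }
        }
    }
}

$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $StartupDirs) {
    foreach ($file in Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue) {
        # Shortcuts are resolved to their target; other files are checked by path.
        $target = if ($file.Extension -eq '.lnk') { $shell.CreateShortcut($file.FullName).TargetPath } else { $file.FullName }
        if (Test-SuspectCommand $target) {
            $hits += [pscustomobject]@{ Location = $dir; Entry = $file.Name; Target = $target }
        }
    }
}

if ($hits) { $hits | Format-List } else { 'No autostart entry references SureRansom.exe or Sure.exe.' }
```

The script only reads and reports. 'Sure.exe' is a generic file name, so each hit should be reviewed before anything is removed.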

As for the possibility that the SureRansom Ransomware may interfere with the victim's bank accounts, an attack capable of doing this would require numerous resources, since the attackers would have to plan for any number of browsers and browser configurations, as well as online banking portals. Eventually, it is likely that con artists will prefer simply to collect the victim's online banking passwords rather than implement an automatic payment method.
