USBR Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 371
First Seen: August 31, 2017
Last Seen: June 14, 2023
OS(es) Affected: Windows
The USBR Ransomware is an encryption ransomware Trojan. These threats became very common in 2017, and computer users need to take steps to ensure that their machines and data are safe from encryption ransomware Trojans like the USBR Ransomware. Ransomware Trojans like the USBR Ransomware function by taking the victims' files hostage. To do this, the USBR Ransomware uses a strong encryption method to make the victim's files unusable. Once the files have been compromised, the USBR Ransomware demands payment of a ransom in exchange for the decryption key and program that are necessary to restore them. The USBR Ransomware was first observed in the last week of August 2017 and is nearly identical to various encryption ransomware Trojans released in the same period.
You Can Get Infected by the USBR Ransomware by Opening Unknown Email Attachments
The USBR Ransomware, like many other encryption ransomware Trojans, is based on HiddenTear, an open source ransomware platform that was released in August 2015. HiddenTear, originally released for educational or proof-of-concept purposes, has been exploited by con artists countless times since its release. Since August of 2015, the con artists have launched hundreds of HiddenTear variants and extorted an inestimable amount of money. Security researchers continue to observe highly effective HiddenTear variants released nearly every day, with the USBR Ransomware being just one of the latest in a long line of encryption Trojans based on HiddenTear. Like many of its clones, the USBR Ransomware is delivered to victims using spam email attachments. When the victim accesses the compromised file attachment, which may take the form of a Microsoft Word DOCX file, this corrupted file will use embedded scripts and macros to download and install the USBR Ransomware onto the victim's PC.
How the USBR Ransomware Attack Works
The USBR Ransomware can carry out its attack without an Internet connection and runs with the file name USBR.exe on the infected computer. The USBR Ransomware encrypts the victim's files using a strong encryption algorithm and then drops an encrypted copy of the decryption key and a ransom note on the victim's desktop. This ransom note is named 'READ_ME.txt.' While some attacks similar to the USBR Ransomware will mark the encrypted files by renaming them or adding file extensions to the end of the affected files' names, the USBR Ransomware does not change the files' names. However, the files encrypted by the USBR Ransomware will no longer be readable by Windows and will appear in Windows Explorer as blank icons. The USBR Ransomware targets user-generated files in its attack. Numerous file types are targeted, especially those that are favored by PC users and associated with popular software. The following are some of the file types targeted in the USBR Ransomware attack:
.7z, .bmp, .csv, .dll, .doc, .docx, .exe, .gif, .gz, .jpeg, .jpg, .lnk, .midi, .mp3, .pdf, .png, .ppt, .pptx, .txt, .wav, .wpd, .xlsm, .xlsx, .zip.
After encrypting the victim's files, the USBR Ransomware delivers a short ransom note in the text file dropped on the victim's desktop. The full text of the 'READ_ME.txt' ransom note reads:
'Files has been encrypted
Send me some of your salary in bitcoins or you will lose your file
Cheers, is not end of the world'
This short style of ransom note has been observed in other encryption ransomware Trojans associated with HiddenTear, although there are so many variants of HiddenTear at this point that it is difficult to find one characteristic that doesn't apply to most of them.
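Because the USBR Ransomware leaves file names unchanged, affected files have to be found by content rather than by extension. The following Python example is added here and is not code from the original page or from EnigmaSoft: it flags files whose leading bytes no longer match the format their extension implies and locates the 'READ_ME.txt' note by its quoted first line. The magic-byte table, function names and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading magic bytes for some of the extensions in the page's target list.
OOXML = [b"PK"]
OLE2 = [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"]
MAGIC = {
    ".pdf": [b"%PDF"], ".png": [b"\x89PNG\r\n\x1a\n"], ".gif": [b"GIF87a", b"GIF89a"],
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"], ".bmp": [b"BM"],
    ".zip": OOXML, ".docx": OOXML, ".xlsx": OOXML, ".xlsm": OOXML, ".pptx": OOXML,
    ".doc": OLE2, ".ppt": OLE2, ".7z": [b"7z\xbc\xaf\x27\x1c"], ".gz": [b"\x1f\x8b"],
    ".exe": [b"MZ"], ".dll": [b"MZ"],
}
NOTE_NAME = "READ_ME.txt"                  # note file name given on the page
NOTE_MARKER = b"Files has been encrypted"  # first line of the note as quoted

def header_mismatch(path):
    """True if the file has a known extension but not that format's magic bytes."""
    expected = MAGIC.get(os.path.splitext(path)[1].lower())
    if expected is None or os.path.getsize(path) == 0:
        return False  # unknown type or empty file: nothing to compare
    with open(path, "rb") as fh:
        head = fh.read(16)
    return not any(head.startswith(m) for m in expected)

def triage(root):
    """Walk root; return (ransom note paths, header-mismatch paths), both sorted."""
    notes, suspects = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == NOTE_NAME:
                with open(path, "rb") as fh:
                    if NOTE_MARKER in fh.read(4096):
                        notes.append(path)
            elif header_mismatch(path):
                suspects.append(path)
    return sorted(notes), sorted(suspects)

def build_sample_tree():
    """Constructed sample data: intact PDF, overwritten PNG, empty DOCX, note."""
    root = tempfile.mkdtemp()
    samples = {"report.pdf": b"%PDF-1.4\n...", "photo.png": b"\x9c\x11\xe7\x02" * 8,
               "empty.docx": b"", NOTE_NAME: NOTE_MARKER + b"\n"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root
```

A header mismatch also occurs for corrupted or mislabeled files, so the result is a list to review against backups rather than proof of encryption.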
Dealing with the USBR Ransomware
The best protection against the USBR Ransomware and similar threats is to have file backups. If computer users can recover their files from backup copies, then there is no need to pay the ransom after the attack. File backups can completely undo the attack strategy that allows con artists to profit from the USBR Ransomware.