8lock8 Ransomware

Posted: May 20, 2016

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	71

First Seen:	May 20, 2016
OS(es) Affected:	Windows

The 8lock8 Ransomware is a Trojan that uses AES-256 encryption as a means of attacking local data on an infected PC, which it uses as leverage in an attempted ransom process. Even paying the demanded ransoms as soon as possible may not deliver any promised decryptor services, and malware experts always emphasize free means of protecting your files from threats like the 8lock8 Ransomware. You should treat removing the 8lock8 Ransomware as a mandatory step before restoring any content through the features available from any good anti-malware program.

The New Generation of the Hidden Tear Family: Not so Hidden Anymore

Possibly the clearest example of the surprising interdependency in threat authorship is the recurring development frenzies that follow in the wake of the release of open-source threat. One of these projects, Hidden Tear, is responsible for the generation of several independently-maintained Trojan campaigns, including KimcilWare Ransomware, GhostCrypt Ransomware, and the 8lock8 Ransomware. The last of these Trojans recently began a bilingual campaign that may target both Russian and English-speaking PC users at the same time.

The 8lock8 Ransomware distributes itself in a manner outwardly similar to the Mischa Ransomware, by using e-mail-transferred Web links. These links, which may be disguising themselves with the appearances of account authorization procedures, redirect the victim to an 8lock8 Ransomware installer. The 8lock8 Ransomware then conceals its files in any of several locations, including the Windows Temp folder or AppData directory.

Its location is irrelevant to the 8lock8 Ransomware's payload, which scans all available drives and encrypts all content following under a handful of formats, including popular image types, Web pages, Excel spreadsheets, PowerPoint presentations, Adobe PDF documents and WAV sounds. The 8lock8 Ransomware's included ransom message, in both Russian and English text, redirects the victim to an e-mail address for discussing further details (and, presumably, payment for a decryption service).

Wiping Away the Tears of a File-Ransoming Misdeed

Threatening file encryptors may include additional tags added to the end of each encrypted file's name, which helps victims grasp the scope of the attack. The 8lock8 Ransomware operates in the same manner with its '.the 8lock8' string. Rather than specifying particular folders, the 8lock8 Ransomware encrypts content starting from the root of each drive, which could let it impact large quantities of data theoretically. With encryption being an impenetrable content blockade until its reversal via an attack-specific key, the potential damages to a business system or even a personal-use computer can be high.

There is, however, a significant drawback to threat campaigns basing themselves on the open-source code of others: it greatly eases a research time for countering new variants of the same family. Other entities in the PC security industry already have provided free decryption solutions for the 8lock8 Ransomware, along with a select number of other Hidden Tear-based Trojans. Since not all threatening file encryptors have such countermeasures available, malware experts do still recommend using redundant backups for your generalized data protection.

Always use suitable anti-malware products for removing the 8lock8 Ransomware, which may be installing itself with some additional assistance from other threats. For PC users uninterested in backing up their data to remote drives on a regular basis, they might also consider avoiding Web links from sources not verified as being safe.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

file.exe

File name: file.exe
Size: 79.87 KB (79872 bytes)
MD5: cde35efa535dbda233dbf296c6ed462d
Detection count: 17
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 20, 2016