Centurion_Legion Ransomware
Posted: June 14, 2016
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 12 |
| First Seen: | June 14, 2016 |
| OS(es) Affected: | Windows |
The Centurion_Legion Ransomware is a Trojan that encrypts the infected machine's data with an AES-256 cipher and then loads a desktop image of its ransom demands. Because remote attackers may not honor a payment made for their decryption assistance, malware researchers always recommend that victims try other tactics for restoring the contents of their drives. Whether or not you need to save any encrypted files, always use professional anti-malware products to uninstall the Centurion_Legion Ransomware.
The Newest of the Trojan Legionaries
Tragically, while some high-level threats include symptoms that would be all but impossible to overlook, many of these symptoms only trigger after the rest of the payload has finished. The result is an infection that a victim only becomes aware of after the worst damage has already been inflicted. Such attacks are particularly common with threatening file encryptors like the Centurion_Legion Ransomware and other possible variants of the Rakhni Trojans.
After launching, the Centurion_Legion Ransomware targets content of as-yet undetermined formats and locations, running it through a standard encryption algorithm. The rearrangement of the data makes the files completely unreadable, and the Trojan protects the decryption with a private key that the Centurion_Legion Ransomware transfers to a remote server. You can recognize any damaged content by its new name, which includes the Centurion_Legion Ransomware's name in the form of an e-mail address, along with the XTBL extension.
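An added triage example (not from the original article or any vendor tool): a Python scan that groups files by the e-mail-style marker and XTBL extension described above and records the earliest modification time per marker. The regex layout, the `contact@example.invalid` address and the sample tree are constructed assumptions, since the article does not give the exact naming format.

```python
import os
import re
import tempfile
from collections import defaultdict

# Assumption: a renamed file has an e-mail-like token directly before a final
# .xtbl extension. The page gives no exact layout, so this pattern is a guess.
MARKER = re.compile(
    r"([A-Za-z0-9_+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)\.xtbl$", re.IGNORECASE)

def scan(root):
    """Group renamed files under root by the address embedded in their names."""
    hits = defaultdict(lambda: {"count": 0, "dirs": set(), "first_mtime": None})
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            match = MARKER.search(name)
            if not match:
                continue
            entry = hits[match.group(1).lower()]
            entry["count"] += 1
            entry["dirs"].add(os.path.relpath(dirpath, root))
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable entry: counted, but no timestamp
            # Heuristic: the earliest mtime approximates when encryption began.
            if entry["first_mtime"] is None or mtime < entry["first_mtime"]:
                entry["first_mtime"] = mtime
    return dict(hits)

def build_sample(root):
    """Write a constructed tree: two renamed files and two that must not match."""
    sample = {  # relative path -> mtime (constructed values)
        "docs/report.docx.contact@example.invalid.xtbl": 2000,
        "docs/notes.txt": 2100,
        "pics/photo.jpg.CONTACT@example.invalid.XTBL": 1500,
        "pics/readme.xtbl.bak": 1600,
    }
    for rel, mtime in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(b"constructed sample\n")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for address, info in scan(tmp).items():
            print(address, info["count"], sorted(info["dirs"]), info["first_mtime"])
```

The per-marker directory list shows how far the encryption reached, which helps decide which backups need to be restored.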
Malware experts almost always connect such attacks to efforts to defraud the victim through a ransom-based decryption service, a trend to which the Centurion_Legion Ransomware is no exception. The Centurion_Legion Ransomware promotes its decryption services through an image that it automatically sets as the PC's desktop wallpaper. It does not directly mention the money required by its ransom, possibly to increase the bargaining advantage of its admins.
Disbanding the Worst Kind of Roman Army
PC users following the overall trends in the security industry may note that the Centurion_Legion Ransomware's payload has a strong resemblance to those of past threats, including the Ecovector Ransomware, the Vegclass@aol.com Ransomware, and other derivatives of the Rakhni family. This commonality gives victims hope of one solution: they may consider using the Rakhni-specific decryptor apps provided by various security companies without paying the Centurion_Legion Ransomware's con artists. However, since the Centurion_Legion Ransomware is using a Cipher Block Chaining technique that could complicate your data recovery, malware experts recommend against blindly trying different, potentially inappropriate decryptors.
The Centurion_Legion Ransomware may infect new systems via forged e-mail messages, which can include its installation vehicles in embedded Web links or attachments. Use your anti-malware products to scan suspicious files and links before any further interaction to avoid the most commonly used exploits for Trojan installations. In the past, such campaigns have most often targeted business entities, with messages designed explicitly for individual institutions.
The greatest dangers of the Centurion_Legion Ransomware infections are also some of the most readily abated by simple data preservation techniques. Malware experts suggest routinely keeping backups on non-local drives so that all content stays out of reach of encryptors like the Centurion_Legion Ransomware. However, if that should fail, an up-to-date anti-malware scanner should have few problems with removing the Centurion_Legion Ransomware, even if it can't reverse the encryption.