CryptoHasYou Ransomware
Posted: March 30, 2016
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 69 |
| First Seen: | March 30, 2016 |
| OS(es) Affected: | Windows |
The CryptoHasYou Ransomware is a Trojan that holds the data on your PC hostage by encrypting it, thereby forcing its victims to buy a decryption service from a fraudster. Because these transactions have no legal protection or backing, the con artist may not necessarily provide the promised decryptor, or even be capable of doing so. By keeping backups of your important files, you can recover them without decryption access, and by using anti-malware tools routinely, you can identify or remove the CryptoHasYou Ransomware, when appropriate.
The New Malware that Has You (or Your Files)
For many con artists, the easiest way to get money is simply to ask for it by creating circumstances that compel obedience. File-encrypting Trojans can be thought of as a more polite form of threatened violence or blackmail, with typical consequences including being barred from your possessions and data. As an example, malware experts might point to the CryptoHasYou Ransomware, a recent threat most likely created as a clone of previously available ransomware kits.
The CryptoHasYou Ransomware arrives by such means as website-embedded exploits or installers hidden inside of e-mail attachments. The CryptoHasYou Ransomware then scans your computer for specific file types not required by Windows. These types include, but aren't limited to, INI (a text-based program initialization file), WSD (WordStar text documents) or PDB (a Microsoft-developed program database). Data matching the CryptoHasYou Ransomware's criteria is encrypted with an AES-256 cipher. Once encrypted, these files can't be opened or read, and must be replaced or decrypted by a compatible decryption application.
Malware experts have yet to see any functional decryptors for the CryptoHasYou Ransomware being made available to the public. Victims can speed up the development of such counter responses by delivering samples to relevant anti-malware organizations when requested.
After its encryption attack, the CryptoHasYou Ransomware also creates image and text files corresponding to ransom messages. Besides selling a decryption service with a supposedly infection-specific key, these messages claim that prices will rise over time. Accordingly, the PC user is pressured into paying as quickly as possible, without taking the time to consider the potential consequences.
Beating the Clock on a Digital Hostage Crisis
You can determine which files the CryptoHasYou Ransomware harms by searching for the '.the CryptoHasYou' or '.enc' extensions. These extensions have no impact on the encryption process and are only useful for identification purposes. The CryptoHasYou Ransomware's con artists do offer a 'trial' decryption service that decrypts individual files free of charge, which offers a limited means of data recovery. However, PC owners keeping their data safe in Web storage or USB devices should never need to decrypt any of their held-for-ransom files.
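One way to carry out the extension search described above, as an added example that is not part of the original article or any vendor tool: it walks a directory tree for the two marker extensions exactly as the page gives them and samples each file's byte entropy, since an extension alone does not prove the content was encrypted. The 7.5 bits-per-byte threshold, the 64 KiB sample size and the demo files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Marker extensions exactly as the page gives them; pass your own list to override.
MARKER_EXTENSIONS = (".the CryptoHasYou", ".enc")
ENTROPY_THRESHOLD = 7.5   # assumption: bits/byte above which content looks encrypted
SAMPLE_BYTES = 64 * 1024  # assumption: read only the head of each file

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def triage(root, extensions=MARKER_EXTENSIONS):
    """Return [(path, entropy, likely_encrypted)] for files carrying a marker extension."""
    wanted = tuple(e.lower() for e in extensions)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(wanted):
                continue
            path = Path(dirpath) / name
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # locked or unreadable: skip rather than abort the sweep
            h = shannon_entropy(head)
            findings.append((str(path), round(h, 2), h >= ENTROPY_THRESHOLD))
    return sorted(findings)

def demo():
    """Constructed sample tree: random-looking .enc, plain-text .enc, untouched file."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "report.ini.enc").write_bytes(os.urandom(32 * 1024))
        Path(root, "notes.enc").write_bytes(b"plain text, not ciphertext\n" * 200)
        Path(root, "untouched.ini").write_bytes(b"[settings]\nkey=value\n")
        return [(os.path.basename(p), enc) for p, _h, enc in triage(root)]

if __name__ == "__main__":
    for name, encrypted in demo():
        print(f"{name}: {'likely encrypted' if encrypted else 'marker extension only'}")
```

High entropy also matches compressed archives and media, so treat the flag as a triage hint for deciding what to restore from backup, not as proof of encryption.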
The CryptoHasYou Ransomware campaign is only one of many using the proven principles of threatening data encryption for extracting ransoms from NGOs, governments, businesses and other entities. Uninstalling the CryptoHasYou Ransomware, and other threats that may assist with its installation, should always include scanning the compromised PC with anti-malware products. However, preventing a CryptoHasYou Ransomware infection is still the safest course of action for your saved data. Based on past incidents, malware experts stress network and e-mail security protocols, which are likely to be useful in limiting the CryptoHasYou Ransomware's future movements.