EduCrypt Ransomware
Posted: June 28, 2016
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 77 |
| First Seen: | June 28, 2016 |
| OS(es) Affected: | Windows |
The EduCrypt Ransomware is a Trojan that uses data encryption as a method of frightening and 'educating' its victims. Although current versions of the EduCrypt Ransomware don't ask for any cash payments, they do link to potentially untrustworthy decryption tools and otherwise conduct attacks that violate the integrity of your PC's data. PC owners dealing with this threat should use traditional anti-malware tools to delete the EduCrypt Ransomware and should recover their data by safe methods instead of those recommended by threat developers.
The High Price of Threat Education
The motivations of the modern threat industry lean invariably towards profit at almost any cost, but the origins of threats like viruses are steeped in more capricious motives than greed. The EduCrypt Ransomware is a new Trojan that, in some ways, calls back to the 'simpler' time of programmers creating threats for mischief rather than money. However, like many for-profit Trojans, it uses the Hidden Tear as its code foundation.
The EduCrypt Ransomware is a much-reduced variant of the Hidden Tear, and, unlike most file encrypting Trojans, uses a universal decryption key that applies to any infection. The EduCrypt Ransomware targets directories associated with the Windows user's profile, including Downloads and Documents, and only encrypts a limited range of formats (such as DOC, MP3, XLS and PPT). Encrypted files are identifiable with the appended '.locked' or '.isis' tag, although malware experts have seen no other evidence of political affiliations within this Trojan campaign.
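A defender's triage helper for the file-marking behaviour described above, added here as an example and not taken from the original page or any vendor tool: it inventories files under a profile's Downloads and Documents folders that carry the appended '.locked' or '.isis' tag and reports the original format behind each tag. The function names and the constructed sample tree are assumptions for illustration.

```python
import tempfile
from collections import Counter
from pathlib import Path

# Tags the page says are appended to encrypted files.
APPENDED_TAGS = {".locked", ".isis"}
# Profile folders the page names; extend the tuple to cover others.
PROFILE_DIRS = ("Downloads", "Documents")


def find_tagged(profile, subdirs=PROFILE_DIRS):
    """Yield (path, original_suffix, tag) for files whose last suffix is a tag."""
    for sub in subdirs:
        root = Path(profile) / sub
        if not root.is_dir():
            continue
        for path in sorted(root.rglob("*")):
            suffixes = [s.lower() for s in path.suffixes]
            if path.is_file() and suffixes and suffixes[-1] in APPENDED_TAGS:
                # 'report.doc.locked' -> original '.doc'; 'notes.locked' -> ''
                original = suffixes[-2] if len(suffixes) > 1 else ""
                yield path, original, suffixes[-1]


def summarize(profile):
    """Return (count per tag, count per original format) for one profile."""
    by_tag, by_format = Counter(), Counter()
    for _path, original, tag in find_tagged(profile):
        by_tag[tag] += 1
        by_format[original or "(none)"] += 1
    return by_tag, by_format


def build_sample(profile):
    """Constructed sample tree: three tagged files, one clean file."""
    for rel in ("Documents/report.doc.locked", "Documents/q2/budget.xls.locked",
                "Downloads/song.mp3.isis", "Documents/slides.ppt"):
        target = Path(profile) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"constructed sample data")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        tags, formats = summarize(tmp)
        print("by tag:", dict(tags))
        print("by original format:", dict(formats))
```

Files counted under '.isis' are the ones the page says the Trojan's own offered decryptor does not handle.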
Last of all, the EduCrypt Ransomware creates a text message informing the victim of the attack. Instead of requesting money, the EduCrypt Ransomware sends the victim on a 'scavenger hunt' for a second file that contains the universal decryption key (HDJ7D-HF54D-8DN7D) and links to a download of a possible decryption application. Malware experts don't encourage using this product, whose safety is unverified, especially since legitimate PC security entities already provide working decryptors for most Hidden Tear-based Trojans.
Getting a Passing Grade in Trojan Protection Class
The EduCrypt Ransomware's primary purpose appears to be fear-mongering or informing PC users in general about the potential dangers that the threat industry is capable of inflicting on an unprotected machine. On the other hand, the EduCrypt Ransomware still takes arbitrary actions that could damage your local data and links to downloads that could be Trojan horses for further attacks. At best, this threat is guilty of causing harm for the sake of preventing harm in equal measure, and should be assumed to be just as unsafe for your PC as any Trojan.
Use decryptors offered by reputable security organizations for decrypting any data as needed. In circumstances where decryption is less than practical, malware researchers also recommend backing up your information on a regular basis, thereby preventing a single attack from gaining long-term access to any irreplaceable files. In most file-encrypting attacks, local backups are more at risk of being deleted than backups stored in other locations, such as a cloud account's server.
All samples of the EduCrypt Ransomware to date have shown extremely limited capabilities, and this threat does appear to be a genuine attempt at causing a limited amount of damage for the sake of teaching a lesson. Your anti-malware programs should be able to remove the EduCrypt Ransomware without interference, although detecting its installers is a preferable option that can stop your local content from being encrypted at all.
Victims may also note that the EduCrypt Ransomware's offered decryptor is verifiably ineffective at decrypting any content with the '.isis' extension.