Evasive Ransomware
Posted: November 15, 2017
Threat Metric
The following fields on the Threat Meter, each carrying a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. A high volume count usually represents a popular threat but may or may not have infected a large number of systems; a high-detection-count threat could lie dormant and have a low volume count. The Volume Count criteria are relative to a daily detection count.
Trend Path: The Trend Path, using an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This shows the change over a 7-day period in the frequency with which a malware threat infects PCs. The percentage impact correlates directly with the current Trend Path to indicate a rise or decline.
| Field | Value |
|---|---|
| Threat Level | 8/10 |
| Infected PCs | 21 |
| First Seen | May 17, 2021 |
| OS(es) Affected | Windows |
The Evasive Ransomware is a file-locking Trojan that can prevent you from accessing common formats of digital media, from documents to compressed archives. The Trojan also may change the extensions of your files, create messages demanding a ransom for its file-unlocking key, and run as a concealed background process. Because it threatens any data saved on your computer, malware experts recommend letting your anti-malware products detect and delete the Evasive Ransomware in all cases.
A Trojan with Poor Evasive Techniques
New months bring new versions of suspicious or threatening software to the fore of centralized threat analysis databases, such as another variant of the file-locker Trojan known as Hidden Tear. While the threat actor administering its potential campaign has taken steps to secure the ransoming communications, in other respects the Evasive Ransomware is limited, with few changes to the Hidden Tear payload and poor avoidance of existing detection methods. In spite of its small-scale edits, the Evasive Ransomware can target and damage over twenty types of data to extort money from the PC user.
The Evasive Ransomware, like most versions of the Hidden Tear program, runs in the background without notifying the user of its primary function: searching for files of up to twenty-six formats (including RAR archives, PDF documents and JPG pictures) to encrypt and lock. By default, the Evasive Ransomware's code still uses AES for its encryption and appends the generic '.locked' extension to the names of all the hostage files.
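The two observable traits above, AES encryption and an appended '.locked' suffix, are enough to build a first-pass triage script for a hit machine. The following is an added example written for this page; it is not code from the page, from Hidden Tear or from the Evasive Ransomware author. It walks a directory, lists every file carrying the '.locked' suffix, recovers the original extension from the file name, and applies two cheap checks that fit AES in CBC mode with block padding: the ciphertext length is a multiple of the 16-byte AES block, and the bytes are high-entropy (no recognisable file header left). A '.locked' file that fails either check was probably not written by this encryptor, or was only partially written, which is worth knowing before you point a decryptor at it. The size floor (512 bytes), the entropy threshold (7.5 bits per byte) and the sample files are assumptions made for the demonstration, not values taken from the page.

```python
"""Triage helper for Hidden Tear-style '.locked' files (added example).

Not the page's, Hidden Tear's or the Evasive Ransomware author's code.
Thresholds and sample data below are assumptions chosen for the demo.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCK_SUFFIX = ".locked"     # extension the page says the Trojan appends
AES_BLOCK = 16              # AES block size; CBC with PKCS#7 pads output to this
MIN_SIZE_FOR_ENTROPY = 512  # assumption: below this, entropy is not informative
ENTROPY_THRESHOLD = 7.5     # assumption: bits per byte typical of ciphertext


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def inspect_locked_file(path: Path) -> dict:
    """Describe one '.locked' file and say whether it looks like AES-CBC output."""
    data = path.read_bytes()
    original = Path(path.name[:-len(LOCK_SUFFIX)])  # strip the appended suffix
    size = len(data)
    block_aligned = size > 0 and size % AES_BLOCK == 0
    entropy = shannon_entropy(data)
    return {
        "path": str(path),
        "original_ext": original.suffix.lower() or "(none)",
        "size": size,
        "block_aligned": block_aligned,
        "entropy": round(entropy, 2),
        # Both tells must agree before the file is called probable ciphertext.
        "looks_encrypted": block_aligned
        and size >= MIN_SIZE_FOR_ENTROPY
        and entropy >= ENTROPY_THRESHOLD,
    }


def triage(root) -> dict:
    """Walk `root` and summarise every '.locked' file found under it."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(LOCK_SUFFIX):
                findings.append(inspect_locked_file(Path(dirpath, name)))
    return {
        "locked_files": findings,
        "by_original_ext": dict(Counter(f["original_ext"] for f in findings)),
        "probable_aes_ciphertext": sum(1 for f in findings if f["looks_encrypted"]),
        "suspect_not_ciphertext": sum(1 for f in findings if not f["looks_encrypted"]),
    }


def build_sample_tree() -> str:
    """Constructed sample data, not a real victim's files.

    One 'encrypted' PDF: 4096 random bytes, a multiple of the AES block.
    One 'encrypted' JPG: 100 random bytes, a length no AES-CBC writer produces.
    One untouched text file, which the walk must ignore.
    """
    root = tempfile.mkdtemp(prefix="evasive_triage_")
    docs = Path(root, "docs")
    docs.mkdir()
    (docs / "report.pdf.locked").write_bytes(os.urandom(4096))
    (docs / "photo.jpg.locked").write_bytes(os.urandom(100))
    (docs / "notes.txt").write_text("plain text, untouched\n")
    return root


if __name__ == "__main__":
    summary = triage(build_sample_tree())
    for entry in summary["locked_files"]:
        print(entry)
    print("by original extension:", summary["by_original_ext"])
    print("probable AES ciphertext:", summary["probable_aes_ciphertext"])
    print("suspect (misaligned or low entropy):", summary["suspect_not_ciphertext"])
```

Run it against the real affected directory instead of the constructed tree to get a count of hostage files per original format and a list of '.locked' names whose contents do not fit the encryptor; those are the files to set aside before bulk decryption rather than feed to a tool that expects block-aligned AES output.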
Most versions of Hidden Tear use simple, text-based messages to communicate with their victims. The Evasive Ransomware's author uses a desktop background-hijacking feature, instead, which changes the wallpaper to an image that the Trojan bundles. This picture gives conflicting information on the deadline to contact the threat actor (via an encrypted e-mail service), presumably to pay for receiving a decryption key. Although such a key could restore your files, in theory, malware experts can't yet verify whether the Evasive Ransomware uploads this essential data to the threat actor's remote server or deletes it.
Having the Security to Evade a File-Kidnapping Attempt
With file-locking threats in general, and with any variant of a known-weak family like Hidden Tear in particular, malware researchers encourage trying free decryption programs to restore files that an infection has encrypted. Major AV companies and associated security organizations often provide such tools to the public free of charge, although a decryptor exists only where the family's encryption has a recoverable flaw. Backing your work up to a secure location, such as a removable USB device, is a simple and reliable way to keep the Evasive Ransomware from causing permanent damage, provided the device is disconnected after each backup; a file-locker can encrypt any drive that is still mounted when it runs.
The Evasive Ransomware campaign has yet to hash out many of the details concerning its payments, and malware analysts have yet to see a live attack using the Trojan through a verifiable infection vector. Since a majority of file-locking Trojans arrive through e-mail, users who place any value in their files should be cautious about opening suspicious attachments or links. Anti-malware programs should remove the Evasive Ransomware with no more trouble than any other version of Hidden Tear, which current detection signatures catch readily.
The Evasive Ransomware is optimistically named: it carries no modification that would make it any better than older Hidden Tear remixes at avoiding quarantine by security software. Even so, the author's sloppy coding is no excuse for equal carelessness with your own backups or Web security habits.