GhostCrypt Ransomware
Posted: May 18, 2016
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 63 |
| First Seen: | May 18, 2016 |
| OS(es) Affected: | Windows |
The GhostCrypt Ransomware is another byproduct of the open-source 'Hidden Tear' project, which gives con artists a ready-made code base for developing their own file encryptors. The GhostCrypt Ransomware attacks any available hard drives by looking for specific file formats and encrypting the data therein, stopping you from opening the content. However, malware researchers recommend any other solution before paying the GhostCrypt Ransomware's authors for data restoration, including keeping a dependable backup and deleting the GhostCrypt Ransomware with good anti-malware software.
The Computer Haunting that Wants Your Money
Not every threat author or would-be con artist is an expert programmer, but the black market contains a variety of tools for less-talented enthusiasts who want to build threats without starting from scratch. Hidden Tear, or HiddenTear, is one of the most recent of these resources and has resulted in a small boost in derivative Trojans, all conducting similar attacks with minor differences in their ransoming processes. The bottom line, however, is always that the victims can no longer access their files, as seen in the GhostCrypt Ransomware's payload.
After the original installation, the GhostCrypt Ransomware scans all hard drives (including network-based ones) it can access for content falling under a handful of formats, including Word documents, images, music, movies, spreadsheets and PowerPoint presentations. The list favors popular Windows software formats but excludes the operating system. The GhostCrypt Ransomware then uses a Rijndael 256-bit encryption algorithm to modify the contents of each file, locking the PC user out of them.
The GhostCrypt Ransomware also places a text ransom demand inside folders that include any encrypted content. Like many Trojans of late, the GhostCrypt Ransomware falsely claims to be a CryptoLocker variant, possibly to 'cash in' on the widespread notoriety of that threat, or to confuse any data recovery efforts. While the GhostCrypt Ransomware asks for nearly one thousand USD (two Bitcoins) in ransom, malware experts strongly endorse means of recovery that don't reward threat authors for their misdemeanor.
Purging a Trojan's Spirit without a Lighter Wallet
Unlike a mythological ghost, the GhostCrypt Ransomware leaves permanent evidence of its attacks that you can use to identify an unimpeded infection. Along with the usual ransom notes, victims can also note the new 'format' added to each encrypted file: the '.Z81928819' string. Renaming this text will not reverse the encryption, and may make it harder to identify a file in need of decryption. However, free decryption programs have already been developed and released by third parties in the PC security sector.
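The '.Z81928819' marker described above can be used to scope the damage before running a decryptor. The following Python script is an added example, not part of the original article or any vendor tool; it assumes the marker is appended after the file's original extension, and the function name `inventory` is hypothetical.

```python
import os
import sys
from collections import Counter
from pathlib import Path

MARKER = ".Z81928819"  # extension named in the article


def inventory(root):
    """Walk root and return (hits, by_type, by_dir) for marked files.

    hits    -> list of (full_path, presumed_original_name)
    by_type -> Counter of original extensions (lowercased)
    by_dir  -> Counter of affected files per directory
    """
    hits, by_type, by_dir = [], Counter(), Counter()

    def skip_unreadable(_err):
        # Directories we cannot list are skipped instead of aborting the scan.
        return None

    for dirpath, _dirs, files in os.walk(root, onerror=skip_unreadable):
        for name in files:
            # Windows file names are case-insensitive, so compare lowercased.
            if not name.lower().endswith(MARKER.lower()):
                continue
            # Assumption: the marker was appended, so stripping it yields
            # the original file name (e.g. report.docx.Z81928819).
            original = name[: -len(MARKER)]
            ext = Path(original).suffix.lower() or "(none)"
            hits.append((os.path.join(dirpath, name), original))
            by_type[ext] += 1
            by_dir[dirpath] += 1
    return hits, by_type, by_dir


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    found, types, dirs = inventory(target)
    print(f"{len(found)} file(s) carry {MARKER} under {target}")
    for ext, count in types.most_common():
        print(f"  {ext:10} {count}")
    for folder, count in dirs.most_common(10):
        print(f"  {count:5}  {folder}")
```

The script only reads directory listings; it does not rename or modify any file, so the marker stays in place for the decryptor to find.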
For PC owners taking the right safety steps, even the importance of a successful decryptor tool can be downplayed. You should never rely on default, locally-accessible backups for countering threats like the GhostCrypt Ransomware, but recovery systems protected by a password login or kept on detached drives are reliable solutions. As usual, malware experts recommend conducting complete anti-malware scans for removing the GhostCrypt Ransomware, which has no observable self-install capabilities, and may have a relationship with secondary types of threats.
The GhostCrypt Ransomware is a cautionary tale about both the drawbacks and benefits of the threat industry having easily-available code for recycling. Although threats similar to the GhostCrypt Ransomware are copious, their very ease of development also simplifies the process of creating completely free solutions to their attacks.