Hidden-Peach Ransomware
Posted: January 5, 2017
Threat Metric
The following fields listed on the Threat Meter, each carrying a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each level is relative to the threat's consistently assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs identified in diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is based specifically on the number of confirmed and suspected threats infecting systems on a daily basis. A high volume count usually indicates a popular threat but does not necessarily mean a large number of systems are infected; a threat with a high detection count could lie dormant and have a low volume count. The criteria for the Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, shown as an up arrow, a down arrow or an equal symbol, represents the level of recent movement of a particular threat. An up arrow represents an increase, a down arrow represents a decline and the equal symbol represents no change in the threat's recent movement.
% Impact (Last 7 Days): This shows the change over a 7-day period in the frequency with which a malware threat infects PCs. The percentage impact correlates directly with the current Trend Path to indicate a rise or decline.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 54 |
| First Seen: | January 5, 2017 |
| OS(es) Affected: | Windows |
The Hidden-Peach Ransomware is a variant of Hidden Tear, a Trojan that uses AES encryption to prevent its victims from opening their files, such as spreadsheets or documents. Although the Hidden-Peach Ransomware exclusively targets one named directory on your hard drive, updates to this threat could allow it to lock files in other locations. Blocking the Hidden-Peach Ransomware's installation with anti-malware utilities and keeping backups for emergency data recovery are the recovery options malware experts recommend.
New Flavors of Old Enemies
The wide availability and accessibility of Hidden Tear resources are making it a meaningful name in the threat industry, for seasoned threat actors and newcomers alike. A recent sample from the last month of 2016 was caught by the cybersecurity researcher Michael Gillespie and shows how up-and-coming con artists are experimenting with this code repository for potentially harmful ends. For their part, malware experts have yet to see this new threat, the Hidden-Peach Ransomware, in any active campaigns in the wild.
The Hidden-Peach Ransomware follows the pattern of previous releases based on Hidden Tear and still uses the AES-based encryption method for locking your files. By default, Hidden Tear lets its author select the data to lock either by file format (such as 'DOC') or by directory path. The Hidden-Peach Ransomware uses the latter, encrypting a 'desktop\hidden-gay' folder. Data in any other location should remain unaffected by this payload, making the Hidden-Peach Ransomware of questionable viability for deployment until its author makes additional updates. As currently written, the Hidden-Peach Ransomware's code would allow it to encrypt other locations after nothing more than a straightforward change to a single line of code referencing a simple text string.
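Because Hidden Tear variants like this one replace the contents of documents in a target folder with AES ciphertext, a cheap way for a defender to triage a folder after a suspected infection is to look for files whose bytes are statistically close to random. The script below is an added example for this write-up, not code from the Hidden-Peach Ransomware or from Hidden Tear: it computes the Shannon entropy of each file in a single directory (non-recursive, mirroring the Trojan's one-folder scope) and flags those above a threshold. The sample folder, its file names, the seed used to build stand-in ciphertext and the 7.5 bits-per-byte threshold are all constructed here and are not values from the page.

```python
"""Entropy-based triage for a folder suspected of being hit by a file-encrypting
Trojan such as a Hidden Tear variant.

Added example; not code from the Hidden-Peach Ransomware or Hidden Tear.
Properly encrypted (AES) output is nearly indistinguishable from random bytes,
so a sudden appearance of many near-8-bit-entropy files in a folder that
normally holds documents is an indicator worth alerting on.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter

# Files at or above this Shannon entropy (bits per byte, max 8.0) are flagged.
# Assumed threshold: plain text and most office documents sit well below it.
ENTROPY_THRESHOLD = 7.5
# Very small files give noisy entropy estimates; skip them.
MIN_SIZE = 256


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of `data` in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_directory(path: str, threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Scan one directory (non-recursive, like the Trojan's single target
    folder) and return {filename: entropy} for files at or above `threshold`."""
    flagged = {}
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not os.path.isfile(full) or os.path.getsize(full) < MIN_SIZE:
            continue
        with open(full, "rb") as fh:
            ent = shannon_entropy(fh.read())
        if ent >= threshold:
            flagged[name] = round(ent, 3)
    return flagged


def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic high-entropy bytes standing in for AES output.
    Constructed test data only; it is not the Trojan's encryption routine."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def build_sample_folder() -> str:
    """Create a temporary folder holding one plaintext document and one
    'encrypted' blob so the scan can be demonstrated offline.
    File names and contents are constructed for this example."""
    folder = tempfile.mkdtemp(prefix="hidden-tear-triage-")
    with open(os.path.join(folder, "notes.txt"), "w", encoding="ascii") as fh:
        fh.write("Quarterly budget notes. " * 80)  # low-entropy English text
    with open(os.path.join(folder, "report.bin"), "wb") as fh:
        fh.write(pseudo_ciphertext(b"constructed-seed", 4096))  # stand-in ciphertext
    return folder


if __name__ == "__main__":
    sample = build_sample_folder()
    for fname, entropy in scan_directory(sample).items():
        print(f"suspicious: {fname} entropy={entropy}")
```

Treat a hit as a prompt for closer inspection rather than proof of encryption: compressed formats (ZIP archives, JPEG images, and the ZIP-based DOCX/XLSX containers) also score near 8 bits per byte, so in a real deployment the scan should be paired with a magic-byte check on the file header and a baseline of what the folder normally contains.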
The Hidden-Peach Ransomware also generates a Windows message box containing what appears to be debugging information about the Trojan's password and the specified encryption directory. Since the Trojan is still in its testing phase, malware experts find no further information of relevance to potential victims, such as any ransom amount demanded for a decryption key.
Sorting Bad Fruit into the Trash
Traditional builds of Hidden Tear Trojans transfer the key needed to unlock your files to a remote server, with the con artists keeping possession of it until you pay their fee. While the Hidden-Peach Ransomware's author may never deploy this threat in a real campaign, the Trojan could, in theory, block arbitrary files without giving you any recourse for recovering them. For the time being, PC users should stay mindful of the names their desktop folders use, since a folder name alone can make them a target of the Hidden-Peach Ransomware or similar file-encrypting Trojans.
Like many members of the Hidden Tear family, the Hidden-Peach Ransomware is under development by an independent threat actor with no known associations to other threat campaigns. However, this Trojan's small file size makes it suitable for distribution via spam e-mails, which could disguise the attachment as a benign one (such as a package delivery notice). Malware experts find no new defenses in this threat, and conventional anti-malware protocols should catch and delete the Hidden-Peach Ransomware when given the opportunity.
Whether or not the Hidden-Peach Ransomware is a statement towards the gay community, its simple existence shows how new threat actors still have an interest in experimenting with Hidden Tear, potentially to the detriment of the public at large.