MafiaWare Ransomware
Posted: January 6, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 60 |
| First Seen: | January 6, 2017 |
| OS(es) Affected: | Windows |
The MafiaWare Ransomware is a Trojan that encrypts files on your computer to lock them and then tries to extort money to give you a decryption key. PC users can counter its attacks most readily by backing up any important data to locations the Trojan can't scan, such as any removable device, and having anti-malware protection for detecting the Trojan's system entry point. Most anti-malware programs viable against previous versions of Hidden Tear also should remove the MafiaWare Ransomware safely.
Between Trojans like the First Ransomware, the Hidden-Peach Ransomware, and the new MafiaWare Ransomware, Hidden Tear is a Trojan family likely to leave a stark mark in the first quarter of 2017. The MafiaWare Ransomware, also referred to as Depsex within its ransom messages, is a straightforward example of threat actors re-implementing old code for a fresh attack campaign. This file-enciphering Trojan includes updates to its contact methods, self-financing strategy, and, in all probability, infection vectors.
Besides its brand name, the MafiaWare Ransomware has no clear connections with any organized crime family. Because it derives from a 'low-end' and unsophisticated Trojan family, the MafiaWare Ransomware is unlikely to be administered by career con artists with any long-term, professional backgrounds. Any familial limitations aside, the MafiaWare Ransomware can, like other versions of Hidden Tear, block files permanently. Symptoms that malware analysts continue recommending that readers watch for include:
- The MafiaWare Ransomware uses any of several AES algorithms to encrypt your files by format or directory and emphasizes media, such as documents, spreadsheets, pictures, and audio.
- The Trojan adds an independent extension to the content that it encrypts. Searches for the '.Locked-by-Mafia' extension will let victims determine which files are unreadable.
- The MafiaWare Ransomware turns this attack into a potential profit generator with its ransom message, a Read Me text file instructing you to transfer 155 USD in the Bitcoin currency to a wallet address. Since the victim can't cancel the payment afterward, the threat actor is free to accept the money and avoid providing any file recovery help, if he wishes.
Keeping an Upstart Ill-Minded Family out of Your Hard Drive
Traditionally, free and rental Trojans like Hidden Tear or the CrySiS builder are not products that well-funded threat actors favor. Their widespread use makes developing security counter-responses easier than otherwise, and Hidden Tear does have free decryption solutions for any victims to try. The use of a Gmail-based e-mail address also indicates that the MafiaWare Ransomware's operators aren't necessarily experienced or interested in a long-term campaign.
Even with all of these caveats, the MafiaWare Ransomware remains a potential permanent blockade against any local data. Backing your files up to cloud servers or removable drives can give you additional recovery choices and cripple any urgency associated with the Trojan's decryption demands. Malware experts also encourage scanning suspicious downloads and e-mail attachments to catch and delete the MafiaWare Ransomware before an infection occurs.
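The extension search and the backup advice above can be combined into one triage pass. The sketch below is an added example, not code from this page or from any vendor tool: it inventories files carrying the '.Locked-by-Mafia' extension and checks whether a clean copy exists in a backup. It assumes the extension is appended to the original file name and that the backup mirrors the scanned folder layout; the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".Locked-by-Mafia"  # extension named on this page


def triage(scan_root, backup_root=None):
    """Inventory files carrying the marker extension under scan_root.

    Returns (rows, by_type): rows are (encrypted_path, original_name,
    backup_path_or_None); by_type counts the original extensions hit.
    """
    scan_root = Path(scan_root)
    rows, by_type = [], Counter()
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            # Windows file names are case-insensitive, so compare lowered.
            if not name.lower().endswith(MARKER.lower()):
                continue
            # Assumption: the marker is appended to the original name.
            original = name[: -len(MARKER)]
            enc_path = Path(dirpath) / name
            by_type[Path(original).suffix.lower() or "(none)"] += 1
            backup = None
            if backup_root is not None:
                # Assumption: the backup mirrors the scanned tree's layout.
                rel_dir = enc_path.parent.relative_to(scan_root)
                candidate = Path(backup_root) / rel_dir / original
                if candidate.is_file():
                    backup = candidate
            rows.append((enc_path, original, backup))
    return sorted(rows), by_type


def demo():
    """Constructed sample tree: two marked files, one with a backup copy."""
    with tempfile.TemporaryDirectory() as tmp:
        live, bak = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (bak / "docs").mkdir(parents=True)
        (live / "docs" / "report.docx.Locked-by-Mafia").write_bytes(b"x")
        (live / "docs" / "photo.JPG.locked-by-mafia").write_bytes(b"x")
        (live / "docs" / "notes.txt").write_bytes(b"untouched")
        (bak / "docs" / "report.docx").write_bytes(b"clean copy")
        rows, by_type = triage(live, bak)
        return [(o, b is not None) for _p, o, b in rows], dict(by_type)


if __name__ == "__main__":
    print(demo())
```

Files reported without a backup match are the ones that depend on a Hidden Tear decryption tool for recovery.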
Windows owners will, unfortunately, need to stay observant of expansive Trojan families like the MafiaWare Ransomware's gang, since the odds are against Hidden Tear's falling into disuse anytime soon.