Mahasaraswati Ransomware
Posted: May 27, 2016
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 49 |
| First Seen: | May 27, 2016 |
| Last Seen: | May 8, 2023 |
| OS(es) Affected: | Windows |
The Mahasaraswati Ransomware is a Trojan that encrypts your files and then promotes an e-mail address for 'security specialists' who will sell you the matching decryption key. While these attacks can cause permanent damage to your personal data, paying these ransoms does not always result in a reciprocal exchange of services, and malware experts can recommend any of several free alternatives. PC users removing the Mahasaraswati Ransomware infections should be sure to run full system scans with their anti-malware scanners, which should detect other components related to this campaign, such as any Trojan droppers.
Subjecting Your PC to the 'Art' of Encryption
The Hindu goddess of arts Saraswati may form an essential part of the world's third-largest religion, but threat authors aren't known for being especially devout. At least one threat campaign has chosen to turn this deity into a personal mascot for file-encrypting attacks, with the goddess delivering the initial ransom instructions and rerouting you to a con artist. The formats of these attacks are similar to those of earlier threats seen by malware experts, such as the suspected Rakhni derivatives of the JohnyCryptor Ransomware and the 'Av666@weekendwarrior55' Ransomware.
The Mahasaraswati Ransomware changes the system Registry to enable its automatic launch and afterward scans for data formats including spreadsheets or text documents. The Trojan adds a series of system-specific ID numbers to each affected file's name, along with the e-mail address that the con artists intend their victims to contact. More significantly, each file is also modified by an encryption algorithm that changes the underlying data, turning it into uninterpretable content.
Besides its most obvious symptoms, malware experts saw some traits of the Mahasaraswati Ransomware setting this threat apart from similar Trojans. Its ability to encrypt even executable (or EXE) programs and its slightly unconventional file path (based on the Roaming directory) make it relatively creative compared to other file encryptors with otherwise identical payloads.
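The symptoms described above (a Registry autostart entry, an executable path under the Roaming directory, and file names carrying ID numbers plus an e-mail address) can be turned into a quick triage check. The following is an added example, not code from the original article; it assumes the standard Windows Run/RunOnce keys (the article names no key), text saved from `reg query`, and constructed sample data, and it returns candidates to review rather than verdicts.

```python
import re

# Assumption: the page names no registry key, so the standard Run/RunOnce
# autostart keys are checked. Input is text saved from `reg query <key> /s`.
RUN_KEY = re.compile(r'\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$', re.I)
VALUE = re.compile(r'^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+)$')
ROAMING_EXE = re.compile(r'(%appdata%|\\AppData\\Roaming)\\[^"]*?\.exe', re.I)
EMAIL = re.compile(r'[\w.+-]+@[\w-]+(\.[\w-]+)+')
ID_DIGITS = re.compile(r'\d{4,}')  # assumed minimum length for an "ID number"

def roaming_autoruns(reg_text):
    """Run-key values whose command starts an EXE under the Roaming profile."""
    hits, key = [], None
    for line in reg_text.splitlines():
        if line.startswith("HK"):            # key header line
            key = line.strip() if RUN_KEY.search(line.strip()) else None
        elif key:
            m = VALUE.match(line)
            if m and ROAMING_EXE.search(m["data"]):
                hits.append((key, m["name"], m["data"].strip()))
    return hits

def renamed_candidates(file_names):
    """File names carrying both an e-mail address and a run of ID digits."""
    return [n for n in file_names if EMAIL.search(n) and ID_DIGITS.search(n)]

# Constructed sample data (not taken from a real infection).
SAMPLE_REG = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    updater    REG_SZ    C:\Users\alice\AppData\Roaming\updater.exe

HKEY_CURRENT_USER\Software\ExampleApp
    LastRun    REG_SZ    C:\Users\alice\AppData\Roaming\ExampleApp\app.exe
'''
SAMPLE_FILES = ["budget.xlsx", "photo@2x.png",
                "notes.txt.id-0000000000_contact@example.invalid"]

if __name__ == "__main__":
    for key, name, cmd in roaming_autoruns(SAMPLE_REG):
        print(f"review autostart: {key} -> {name} = {cmd}")
    print("renamed:", renamed_candidates(SAMPLE_FILES))
```

Legitimate software also autostarts from Roaming, so each hit still needs a look at the binary itself before anything is removed.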
Trumping the Wisdom of Surrendering to a Hoax with a Common-Sense Solution
The Mahasaraswati Ransomware's con artists have histories of pretending to offer security services as a 'legitimate' company, although other aspects of their trade (such as an insistence on Bitcoin payments) make their tactic instantly identifiable. Between the free decryptors regularly released by the PC security sector and the widespread availability of backup storage, you should never need to pay for your data's recovery. Similarly, PC owners should never take security recommendations delivered through unusual pop-ups, regardless of the nature of the iconography included in the images.
The Mahasaraswati Ransomware also provides another, unintentional incentive to back your content up: the fact that its ransoms range from moderately to extremely high, starting at over a thousand USD with a ceiling of nearly two thousand. While this ransom fee is much greater than that of other Trojans of its type, malware experts have found no relationship between the expense of a Trojan's ransom demands and the complexity of its encryption routine.
Since anti-malware programs typically don't include decryption features, deleting the Mahasaraswati Ransomware and restoring your data require separate strategies. However, always removing the Mahasaraswati Ransomware first will re-secure your PC and give you a safe foothold from which to use other security tools, or restore from a backup.
Initial evidence suggests that the Mahasaraswati Ransomware may be installing itself through pirated software torrents, such as cracked copies of the Crysis shooter, although other infection avenues are just as open.