'Okean-1955@india.com' Ransomware
Posted: August 17, 2016
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 64 |
| First Seen: | August 17, 2016 |
| OS(es) Affected: | Windows |
The 'Okean-1955@india.com' Ransomware is a Trojan that targets data, blocks it with a data-modifying encryption routine, and sells a corresponding decryption service to its victims. PC operators should be especially on the lookout for e-mail attachment-based attacks that are most likely to install this threat, and use backups for protecting their data. Malware experts only endorse deleting the 'Okean-1955@india.com' Ransomware with a dedicated anti-malware program regardless of the fate of any encrypted files.
Trojans Milking Businesses for Ransoms in a Day
One of 2016's most enduring threat industry trends is the growing range of new file encryption attacks based on previous threats, such as the particularly widespread Troldesh Ransomware family. Being based on already-observed code doesn't necessarily prevent a Trojan from being a threat to your saved data, as malware experts see exemplified in the 'Okean-1955@india.com' Ransomware. This Trojan's campaign was confirmed in the middle of this year and currently targets NGOs, such as business organizations, most likely by exploiting e-mail-based infection strategies.
Like other kinds of Troldesh Ransomware, the 'Okean-1955@india.com' Ransomware targets non-essential content, such as SQL, XLS or DOC. The 'Okean-1955@india.com' Ransomware also scans for local and remotely-accessible drive data associated with backups. An encryption routine modifies all 'appropriate' data and prevents it from being opened, while the 'Okean-1955@india.com' Ransomware also adds ID numbers, an e-mail address, and the '.xtbl' extension to the file names.
Victims are asked to pay for the safe return of their data, with additional instructions included in a text document and desktop-locked image. Although the 'Okean-1955@india.com' Ransomware places victims under a twenty-four-hour time limit, malware experts have not verified any data-deleting attacks, or similar functions, after the duration expires with no payments received.
Keeping Your King's Ransom for What Already Belongs to You
The 'Okean-1955@india.com' Ransomware is just a single example out of many cases of Trojans retooling themselves for targeting different victims and delivering ransoms to various con artist entities. Relatives of the 'Okean-1955@india.com' Ransomware that you may identify via similar symptoms include the 'alex.vlasov@aol.com' Ransomware, the 'Payfornature@india.com' Ransomware, the 'Av666@weekendwarrior55' Ransomware, and over a dozen other threats. All attacks allow you to see which files the Trojan damages by noting the changes to their names. Note that renaming the files does not decrypt them or otherwise help you regain access to the locked content.
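An added example, not part of the original article: a read-only inventory of files carrying the name markers described above, grouped by embedded contact address and by folder, for scoping what has to be restored from backup. The sample file names and the `id-0001` token layout are constructed assumptions, since the page does not give the exact ordering of the added parts.

```python
import os
import tempfile
from collections import Counter

# The page says encrypted files gain ID numbers, an e-mail address and the
# '.xtbl' extension. The order of those parts is not stated, so the check
# only needs the extension plus an address anywhere in the name.
MARKER_EXT = ".xtbl"
KNOWN_ADDRESSES = ("okean-1955@india.com", "alex.vlasov@aol.com",
                   "payfornature@india.com")  # addresses named on the page


def classify(filename):
    """Return the contact address embedded in a marked name, else None."""
    lowered = filename.lower()
    if not lowered.endswith(MARKER_EXT):
        return None
    for address in KNOWN_ADDRESSES:
        if address in lowered:
            return address
    return "unlisted address" if "@" in lowered else None


def inventory(root):
    """Walk root; return (paths grouped by address, hit count per folder)."""
    by_address, by_dir = {}, Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            address = classify(name)
            if address is not None:
                by_address.setdefault(address, []).append(os.path.join(dirpath, name))
                by_dir[os.path.relpath(dirpath, root)] += 1
    return by_address, by_dir


def demo():
    """Run the inventory over a constructed tree of empty sample files."""
    samples = {  # constructed names; the part ordering is an assumption
        "finance": ["ledger.xls.id-0001.okean-1955@india.com.xtbl", "notes.txt"],
        "db": ["orders.sql.id-0001.Okean-1955@india.com.xtbl",
               "old.doc.id-0002.someone@example.com.xtbl", "plain.xtbl"],
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, names in samples.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "w").close()
        by_address, by_dir = inventory(root)
    return {a: len(p) for a, p in by_address.items()}, dict(by_dir)
```

Point `inventory()` at a mounted share or a forensic copy rather than the live system; it only reads file names and never opens or renames anything.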
As a rule, malware experts discourage making ransom payments to con artists. These people may respond by providing a non-functional decryptor that may cause additional damage to your data, or by ignoring any requests for help after they receive their payment. Use backups stored in locations not accessible by the 'Okean-1955@india.com' Ransomware (such as a protected cloud server) to restore content that you can't decrypt. Some PC security institutions also offer decryption services for well-known families like the 'Okean-1955@india.com' Ransomware's group, although these solutions are not always successful.
Based on the 'Okean-1955@india.com' Ransomware's current targets of businesses dealing with high quantities of transactions, it's not only individual PC owners who are at risk from this new version of the Troldesh Ransomware. Use your anti-malware products to delete the 'Okean-1955@india.com' Ransomware, but preferably follow good security protocols to avoid the exploits by which the 'Okean-1955@india.com' Ransomware installs itself in the first place.