
PGPSnippet Ransomware

Posted: May 22, 2018

The PGPSnippet Ransomware is a file-locker Trojan that scans your PC for all non-essential file types and blocks them with encryption. The threat also leaves '.decodeme666@tutanota_com' extensions on the data that it holds hostage and creates a text message demanding a ransom for an unlocking service. Have your anti-malware products block or delete the PGPSnippet Ransomware, and use backups or free decryption solutions for restoring any files.

Trojans Taking More than a Snippet of Your Files

A new Windows threat, which many cybersecurity products are incorrectly flagging as a variant of the Zusy banking Trojan, is in the startup phase of a campaign for ransoming its victims' files for Bitcoins. The PGPSnippet Ransomware, although similar to well-known Trojans with encryption-based payloads like the Globe Ransomware or Hidden Tear, is not an evident relative of any past project or campaign. However, malware experts are rating it as capable of causing high quantities of file damage, on par with that of the file-deleting Jigsaw Ransomware.

The PGPSnippet Ransomware doesn't delete the data that it encrypts but does ignore the traditional use of a format-based whitelist. The threat enumerates each hard drive in turn and locks all non-OS files, regardless of whether they're documents, images, gaming components, software executables or any other data type. Malware experts note, however, that its author doesn't intend for the PGPSnippet Ransomware to 'wipe' the PC or damage the OS, since doing so would prevent its ransoming message from being readable.

This file-locking Trojan delivers its demands via a Notepad file that contains a 500 USD payment request, payable in Bitcoins, which sidestep the legal protections of a conventional, government-backed currency. The user is given three days to comply before the threat actor raises the price, with the e-mail address for negotiations added to both the text message and the names of the 'captive' files.

Snipping Bad-Faith Negotiators out of Your File System

Most file-locking Trojans use a filtering method that targets only a small subset of the media you save on your PC. Unlike most of them, the PGPSnippet Ransomware doesn't discriminate between prominent data types, such as Word documents, recreational ones, such as gaming saves, or software-critical ones, such as EXE executables. Malware experts also found an overall absence of filtration based on directories, although they have yet to see the PGPSnippet Ransomware damage the operating system of any infected system.

The PGPSnippet Ransomware campaign has yet to reveal enough of its infection strategies for any substantial analysis. In previous attacks by threats with similar features, malware experts could confirm the abuse of in-browser scripts, document-based macros, spam e-mails, and the brute-forcing of non-secure passwords on remotely-accessible servers. A minority of file-locking Trojans also circulate throughout file-sharing networks and free software sites. Most anti-malware applications should eliminate the PGPSnippet Ransomware in all cases of attempted installation that don't involve the manual intervention of a threat actor.

Fortunately, in the versions available to our malware experts, the PGPSnippet Ransomware uses a non-secure encryption method. Contact researchers in the anti-malware community with cryptography experience for any assistance you need in recovering your files with a decryptor, without rewarding a criminal for it.
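Because this threat applies no format or directory filter, it helps to inventory what was locked before restoring from backups or trying a decryptor. The following read-only Python script is an added example, not part of the original article or any vendor tool; it assumes the '.decodeme666@tutanota_com' extension is appended after the original file name and extension, and the function names are hypothetical.

```python
"""Read-only inventory of files carrying the PGPSnippet marker extension."""
import os
import sys
from collections import Counter

# Extension quoted in the article; compared case-insensitively because
# Windows file systems ignore case.
MARKER = ".decodeme666@tutanota_com"


def original_name(name):
    """Return the pre-infection file name, or None if the marker is absent.

    Assumption: the marker is appended after the original name and extension.
    """
    if name.lower().endswith(MARKER) and len(name) > len(MARKER):
        return name[: -len(MARKER)]
    return None


def inventory(root):
    """Walk root and return (locked, by_type, unreadable).

    locked     -- list of (path, original name, size in bytes)
    by_type    -- Counter of original extensions, to prioritise restores
    unreadable -- directories that could not be listed (coverage gaps)
    """
    locked, by_type, unreadable = [], Counter(), []
    skipped = lambda err: unreadable.append(err.filename)
    for dirpath, _dirs, files in os.walk(root, onerror=skipped):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                size = -1  # vanished or access denied; still report the file
            locked.append((path, orig, size))
            by_type[os.path.splitext(orig)[1].lower() or "(none)"] += 1
    return locked, by_type, unreadable


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    locked, by_type, unreadable = inventory(root)
    for path, orig, size in locked:
        print(f"{size}\t{path}\t-> {orig}")
    print(f"{len(locked)} locked file(s) by original type: {dict(by_type)}")
    print(f"{len(unreadable)} unreadable directories", file=sys.stderr)
```

Run it against each drive root in turn; a high count of locked executables indicates which applications will need reinstalling rather than a data restore.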
