PSCrypt Ransomware
Posted: June 26, 2017
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 58 |
| First Seen: | June 26, 2017 |
| OS(es) Affected: | Windows |
The PSCrypt Ransomware is a member of the Globe Imposter Ransomware family. It may imitate some of the symptoms of the Globe Ransomware while also including similar attacks, such as encrypting your files, changing their names, and creating messages that ask for money. Back up your files to keep them from being at risk from encryption-based attacks, and use automated anti-malware analysis to detect and delete the PSCrypt Ransomware as quickly as possible.
Ukraine Gets New Problems in the Form of Bitcoin Thieves
Even a single day can mean a lot to the threat black market and the anti-malware industry that defends against it, with twenty-four hours being more than ample time for well-organized campaigns to get underway. The PSCrypt Ransomware demonstrates the kind of rapid deployment that threat actors can achieve, particularly when they already have most of their code from preexisting sources. Malware experts are confirming that this Trojan's build has rapid and widespread distribution in the wild, with the infections apparently being targeted attacks.
The PSCrypt Ransomware's authors are installing it on business-sector systems, although the method in question, such as e-mail spam, exploit kits (EKs), or brute-forcing, is under investigation. Compromised entities are predominantly Ukrainian, although other areas, such as Europe and Russia, also are under attack. After infecting the PC, the PSCrypt Ransomware begins an encryption routine that locks your files and appends the '.pscrypt' extension to their names, all without any symptoms until after the fact.
Through an HTML file it places in the same folder as the locked media, the PSCrypt Ransomware also provides ransoming instructions for recovering the blocked data. Although the message has step-by-step Ukrainian text to ask for Bitcoins, malware experts suspect that the threat actors are using an automatic translation tool, rather than being native speakers.
Keeping Extortion Profits Down While the Globe Keeps On Spinning
The PSCrypt Ransomware's new extension and ransoming text both imply that either new threat actors are using the old code of the Globe Imposter Ransomware, or the old ones are making significant updates to their campaign. Although Ukrainian businesses are especially at risk of being targeted by these attacks, those in other nations also should remain on guard for vulnerabilities. Malware experts often associate the brute-forcing of logins or fake e-mail attachments with attacks against members of the business sector.
Since no free decryption for the PSCrypt Ransomware is available yet, victims without backups have no other option for guaranteeing the recovery of anything that the Trojan encrypts. The Trojan also deletes Shadow Volume Copy (SVC) backup data, so you should save backups to another device, when possible, to keep them from being at risk.
Different anti-malware programs may block many, if not necessarily all, of the possible infection methods that are popular with file-encrypting Trojans. Whether you choose to recover your media or delete it, always scan the compromised PC with anti-malware tools that can remove the PSCrypt Ransomware and any other threats that might be part of the attack. The PSCrypt Ransomware, like most Trojans of its payload type, doesn't duplicate itself without external assistance.
As far as threat actors are concerned, nowhere is a safe living space to be free from the potential for extortion. Taking good care of your files and your computer, whether at home or the workplace, is a money-saving venture when compared to dealing with unforeseen PSCrypt Ransomware infections.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
wmodule.exe
File name: wmodule.exe
Size: 228.86 KB (228864 bytes)
MD5: e8c2b4a8335c513a92388dcfe595f0e5
Detection count: 63
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 27, 2017
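A read-only triage sweep built from the indicators on this page (the '.pscrypt' extension, an HTML note in the same folder as locked files, and the wmodule.exe size and MD5), added here as an example and not SpyHunter's own tooling. The function and constant names are hypothetical, and treating any HTML file beside locked files as a candidate note is an assumption, since the page does not give the note's file name.

```python
import hashlib
import os
from collections import defaultdict

# Indicators taken from this page.
LOCKED_EXT = ".pscrypt"
SAMPLE_NAME = "wmodule.exe"
SAMPLE_SIZE = 228864
SAMPLE_MD5 = "e8c2b4a8335c513a92388dcfe595f0e5"


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, size=SAMPLE_SIZE, md5=SAMPLE_MD5):
    """Walk root and return locked files, candidate notes and binary hits."""
    locked = defaultdict(list)   # folder -> files renamed with LOCKED_EXT
    html = defaultdict(list)     # folder -> HTML files seen there
    binaries = []                # (path, "md5") or (path, "name")
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()
            if lower.endswith(LOCKED_EXT):
                locked[folder].append(name)
            elif lower.endswith((".html", ".htm")):
                html[folder].append(name)
            try:
                # Hash only files whose size already matches the indicator.
                if os.path.getsize(path) == size and md5_of(path) == md5:
                    binaries.append((path, "md5"))
                elif lower == SAMPLE_NAME:
                    binaries.append((path, "name"))
            except OSError:
                continue  # unreadable or vanished file: skip it
    # Assumption: any HTML file beside locked files is a candidate note.
    notes = {d: sorted(html[d]) for d in locked if html[d]}
    return {"locked": dict(locked), "notes": notes, "binaries": binaries}


if __name__ == "__main__":
    import sys
    print(sweep(sys.argv[1] if len(sys.argv) > 1 else "."))
```

A "name" hit without an "md5" hit means only the file name matched, so the binary may be a different build or an unrelated file and needs separate analysis.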