Revolution Ransomware
Posted: September 12, 2017
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, shown as an up arrow, a down arrow or an equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline, and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 9 |
| First Seen: | September 13, 2017 |
| Last Seen: | November 5, 2021 |
| OS(es) Affected: | Windows |
The Revolution Ransomware is a Trojan that locks your files to keep them unusable while the threat actor waits for you to pay a ransom for his unlocking service. Although the Revolution Ransomware is symptomatically similar to other Trojans of its category, malware experts recognize it as an independent program that is not a member of families like the Xorist Ransomware or the CryptMix Ransomware. PC users at risk of infection should back up their work to another device and install anti-malware products for removing the Revolution Ransomware.
A Revolution in Trojan Engineering with Borrowed Slogans
Identifying new Trojans often means pursuing fruitless trails that offer zero or inaccurate results. Although an individual symptom of an attack, such as how a Trojan renames a file, may be a positive indication of the code's point of origin, in other instances such signs are intentionally misleading. The Revolution Ransomware exemplifies this trend: it is an independent threat that currently is widely misclassified as a variant of the Synack Ransomware.
The Revolution Ransomware's campaign is in the deployment phase of its operations and appears to focus its attacks on vulnerable, server-based PCs in the business sector. After gaining access through methods such as email or brute-force attacks, the Revolution Ransomware generates both a 'customer' ID for the victim and an encryption key and uploads this data to an external server. Then, it begins encrypting any media formats on the local hard drives. Like similar Trojans, the Revolution Ransomware adds its custom extension (the '.revolution' string) to the name of every file it locks.
The Revolution Ransomware also creates a text message that malware experts last found circulating in the payload of the MOLE Ransomware. These instructions ask you to pay an unspecified amount within several days and provide information such as the ID and the threat actor's email. Whether the RSA-based encryption method the Trojan describes in its note is accurate has yet to be verified by our malware analysts; in any case, no free decryption solutions are compatible with this threat as of early September.
Bringing an Early End to Not-So-Revolutionary Filing Problems
The Revolution Ransomware has, so far, successfully confused its identity in the current threat databases of various major AV vendors, which increases the chance of a victim using the wrong decryption tools to recover their media. When trying to unlock your files through freeware methods, always test on backup copies of the encrypted content, in case the resulting decryption causes irreversible data corruption. Malware experts also stress the value of having backups that predate an attack, so that Trojans like the Revolution Ransomware cannot routinely extort money through threats to your data.
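The two points above (the '.revolution' extension appended to every locked file, and the advice to work only on copies when testing decryption) can be turned into a small incident-response triage routine. The following script is an added example written for this page; it is not code from the original article or from any vendor tool. It walks a directory tree, inventories files carrying the reported extension, summarizes them per directory with the earliest modification time (a rough estimate of when encryption began), and makes hash-verified copies that a responder can hand to a decryption tool without touching the originals. The directory layout and file contents it builds are constructed for the demonstration; no ransom-note filename is assumed because the article does not give one.

```python
"""Triage helper for files locked with the '.revolution' extension.

Added example, not part of the original article. Sample files are constructed.
"""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

EXTENSION = ".revolution"  # extension reported in the article


def sha256_of(path):
    """Stream a file through SHA-256 so large media files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(root):
    """Return records for every file under root whose name ends in EXTENSION, oldest first."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXTENSION):
                path = os.path.join(dirpath, name)
                st = os.stat(path)
                found.append({
                    "path": path,
                    "size": st.st_size,
                    "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc),
                    "sha256": sha256_of(path),
                })
    found.sort(key=lambda r: r["mtime"])
    return found


def summarize(records):
    """Per-directory counts plus the earliest mtime, an approximation of when locking started."""
    by_dir = {}
    for r in records:
        d = os.path.dirname(r["path"])
        by_dir[d] = by_dir.get(d, 0) + 1
    earliest = records[0]["mtime"] if records else None
    return {"total": len(records), "by_dir": by_dir, "earliest_mtime": earliest}


def preserve_copies(records, dest):
    """Copy each locked file into dest and verify the copy's hash. Originals are never modified.

    Decryption attempts should then run against these copies only.
    """
    os.makedirs(dest, exist_ok=True)
    copied = []
    for r in records:
        target = os.path.join(dest, r["sha256"][:16] + "_" + os.path.basename(r["path"]))
        shutil.copy2(r["path"], target)  # copy2 keeps timestamps for the timeline
        if sha256_of(target) != r["sha256"]:
            raise RuntimeError(f"copy verification failed for {r['path']}")
        copied.append(target)
    return copied


def demo():
    """Build a constructed tree with a few fake locked files and run the full triage."""
    root = tempfile.mkdtemp(prefix="revolution_demo_")
    samples = {  # constructed sample data, not real ciphertext
        "docs/report.docx.revolution": b"constructed ciphertext 1",
        "docs/budget.xlsx.revolution": b"constructed ciphertext 2",
        "photos/holiday.jpg.revolution": b"constructed ciphertext 3",
        "photos/readme.txt": b"not encrypted",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    records = inventory(root)
    summary = summarize(records)
    # Copies go under the same root; re-running inventory() afterwards would count them too.
    copies = preserve_copies(records, os.path.join(root, "preserved"))
    return summary, copies


if __name__ == "__main__":
    summary, copies = demo()
    print(summary["total"], "locked files; earliest mtime:", summary["earliest_mtime"])
    for directory, count in summary["by_dir"].items():
        print(f"  {count:4d}  {directory}")
    print(len(copies), "verified copies made")
```

On a real host, point `inventory()` at the affected volume and `preserve_copies()` at removable or network storage rather than the infected disk, so the preserved set survives whatever a decryption tool does to its input.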
Threat actors often lead attacks against server-based infrastructure by abusing email attachments or by brute-forcing login combinations that are confidential but quickly broken. Strong user name and password choices can keep brute-force hacking tools from giving a remote attacker access to your PC without your consent. A majority of anti-malware programs also may remove the Revolution Ransomware on sight, although many of them will detect it under an inaccurate label.
Always be careful about what actions you take to undo the impact of a Trojan's infection. Something as minor as a misstep in determining what family a file-locking program belongs to can turn into file damage that the likes of even the Revolution Ransomware's decryptor can't decode readily.