RIP Ransomware

Posted: December 5, 2016

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	50

First Seen:	December 5, 2016
OS(es) Affected:	Windows

The RIP Ransomware is a Trojan that encrypts your files to lock you out of using them so that it can bargain for ransom money. Con artists don't always honor these transactions, and malware researchers emphasize the usefulness of having backups to circumvent most decrypting problems repeatedly. The standard anti-malware protection provided by your security software also can remove the RIP Ransomware before it completes encoding the contents of your drive or server.

Why Trojans RIP and Tear into Your Files

As con artists continue using third-party resources to recycle the code since Utku Sen removed it from his host site, Hidden Tear has become responsible for another release of file-encrypting threats. Although malware analysts can't confirm its current distribution exploits, weak passwords on RDP machines and incautious e-mail interactions are your most significant vulnerabilities against the RIP Ransomware. Its payload holds to past strategies of blocking your local files and then creating ransom notes recommending that you pay the con artists to retrieve them.

As with most file-encryptor Trojans, the RIP Ransomware shows no detectable symptoms during the encryption process that it uses for scanning for specific formats of files and encoding them with an AES-based cipher. Symptoms following the attack can include:

Your desktop's wallpaper may switch an encryption warning image customized to the RIP Ransomware.
You also may find additional instructions for decrypting the files the RIP Ransomware locks in an advanced Web pop-up loaded in your default Web-browsing application. These instructions lead to payment requests through an untraceable Bitcoin currency normally, preventing you from recovering the money if the threat actor reneges on the deal.
Any files that the RIP Ransomware blocks with its encoding attack also should be detectable by their new '.r.i.p' extensions. In most cases, the process doesn't remove the default extensions or the rest of the name.

Let the RIP Ransomware Rest in Peace

Since con artists are happy to preserve collected and 'borrowed' code in the dark Web, the removal of all 'official' sources of Hidden Tear has done little to slow the creation of new Trojans. File-encrypting threats like the RIP Ransomware represent the most serious threat to PC users who don't keep backups of their most important files, leaving the single copies vulnerable to these data-enciphering attacks. Previous members of the RIP Ransomware's family use very flexible branding and distribution methods, ranging from references to television shows to attempts to compromise would-be Pokemon GO hackers.

Anti-malware products using their latest threat databases should have reasonably high detection rates for this Trojan and related threats that may install it. Businesses should continue monitoring e-mail accounts and remote log-in attempts, which are the most common infection vectors. Having security software able to delete the RIP Ransomware before it begins its encryption scan can eliminate the all-too-common possibility of permanent data loss.

Like the GhostCrypt Ransomware, the 8lock8 Ransomware, and numerous threats before it, the RIP Ransomware makes the point that even temporary mistakes in sharing programming resources can have lasting consequences for everyone's safety.

RIP Ransomware

Threat Metric

Why Trojans RIP and Tear into Your Files

Let the RIP Ransomware Rest in Peace

Related Posts

Leave a Reply