Shark01@msgden.com Ransomware
Posted: September 25, 2017
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 62 |
| First Seen: | August 16, 2016 |
| OS(es) Affected: | Windows |
The Shark Ransomware (also identified as the Shark01@msgden.com Ransomware and the 'Shark CryptoMix Ransomware') is an update of the CryptMix Ransomware family. Although this Trojan uses a different set of encryption keys to protect its attacks from reverse-engineering attempts, it continues using the threat group's traditional strategy of locking files and asking the user to pay to unlock them. Keeping backups, avoiding traditional infection risks like email attachments, and having anti-malware products for deleting the Shark Ransomware proactively can protect your files from an attack.
Predators Swimming Towards Digital Prey
The CryptMix Ransomware family, a collection of Trojans notable for their regular releases and patches, is adding another member in the second half of September. The Shark Ransomware, the new threat in question, doesn't alter the majority of the business model, which encrypts data, like documents, to give itself leverage with which to ask for ransoms. However, malware experts did detect some minor changes to its encryption feature, which cause any previously-working decryptors to become outdated with this latest build.
The Shark01@msgden.com Ransomware can compromise a PC after the threat actors target it manually with brute-forcing strategies, after the user opens infected email attachments, or after the user's browser suffers exposure to a corrupted website. After the initial contact, the Shark Ransomware doesn't require an Internet connection to complete its main attack: an AES encryption feature that locks different formats of media, such as Word documents, Excel spreadsheets or Adobe PDF documents. The threat actors also gave the Shark01@msgden.com Ransomware a new set of RSA keys to keep free decryption tools from decoding its attack and unlocking these files.
This Trojan adds a new extension ('.SHARK') to the names of any files that it enciphers. It also creates a ransom message in a text file, which is a copy of past versions of the CryptMix Ransomware that malware experts have examined. The instructions offer a custom-generated ID and new email addresses to contact for the victim's negotiations, but paying may or may not be effective at delivering a legitimate decryption program.
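The '.SHARK' extension described above is the most visible artifact an incident responder can pivot on. The following read-only triage script is an added example, not code from the original article or from any vendor; it walks a directory tree, recovers the original file type from each renamed file, and reports the affected directories and the modification-time window, which approximates when encryption ran. The sample files it creates are constructed for the demonstration, and because the page does not name the ransom note file, the script does not try to match notes.

```python
import os
import tempfile
from collections import Counter

# Extension the page says the Shark Ransomware appends to each encrypted file.
ENCRYPTED_SUFFIX = ".SHARK"


def scan_for_encrypted_files(root):
    """Walk `root` and return (Counter of original extensions, list of hits).

    Each hit is (path, original_name, mtime). Nothing is opened, renamed or
    deleted: triage must not alter evidence or the files a decryptor may later need.
    """
    hits = []
    by_original_ext = Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.upper().endswith(ENCRYPTED_SUFFIX):
                continue
            original = name[: -len(ENCRYPTED_SUFFIX)]
            # Recover the pre-encryption extension (e.g. ".docx") from "report.docx.SHARK".
            ext = os.path.splitext(original)[1].lower() or "<none>"
            path = os.path.join(dirpath, name)
            by_original_ext[ext] += 1
            hits.append((path, original, os.path.getmtime(path)))
    return by_original_ext, hits


def summarize(root):
    """Return a compact triage summary for the tree under `root`."""
    counts, hits = scan_for_encrypted_files(root)
    if not hits:
        return {"encrypted_files": 0}
    mtimes = [h[2] for h in hits]
    return {
        "encrypted_files": len(hits),
        "by_original_extension": dict(counts),
        "affected_directories": sorted({os.path.dirname(h[0]) for h in hits}),
        # Earliest/latest mtime bound the window in which the encryption routine ran.
        "first_mtime": min(mtimes),
        "last_mtime": max(mtimes),
    }


def build_constructed_sample():
    """Create a temporary tree of constructed sample files (not real artifacts)."""
    root = tempfile.mkdtemp(prefix="shark_triage_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.docx.SHARK", "budget.xlsx.SHARK", "scan.pdf.SHARK", "notes.txt"):
        with open(os.path.join(docs, name), "wb") as f:
            f.write(b"constructed sample content")
    return root


if __name__ == "__main__":
    sample_root = build_constructed_sample()
    print(summarize(sample_root))
```

Run it against a mounted image or a suspect share rather than the live infected host where possible; the per-extension breakdown tells you which business data was in scope, and the directory list tells you which shares to check against the remote backups the article recommends.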
Clearing the Water of a Cloud of Extortion
The Shark01@msgden.com Ransomware can terminate various features and programs that could block its attacks, such as Windows Defender. The Shark Ransomware also generates commands for wiping local, Shadow Copy-based backups and suppressing boot-up errors that the user might associate with the Trojan's installation. Although all of these features are defaults for any member of the CryptMix Ransomware family, they are highly effective at eliminating any symptoms of an infection and depriving any victims of secondary recovery options. Remote backups still are the most reliable way of keeping the Shark Ransomware from damaging any files permanently.
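The backup-wiping and error-suppression behaviour just described is what most endpoint detections for this family key on, because those commands run before or alongside encryption and rarely appear in normal user activity. Below is an added example of that detection logic, not code from the article or from SpyHunter: it parses constructed process-creation log lines (a simplified Sysmon Event ID 1 style, invented for this demonstration) and scores each host. The specific command lines it looks for (`vssadmin delete shadows`, `bcdedit ... bootstatuspolicy ignoreallfailures` / `recoveryenabled no`, `sc stop WinDefend`) are the generic commands ransomware families commonly use for these actions and are assumed here as representative of what the page describes; the page itself does not list them.

```python
import re

# Constructed sample log, not from the page or from a real infection. Format is a
# simplified key=value rendering of process-creation events (assumed, not a real tool's output).
SAMPLE_LOG = """\
ts=2017-09-25T10:01:02Z host=WS01 pid=4120 parent=explorer.exe image=C:\\Windows\\System32\\notepad.exe cmd="notepad.exe C:\\Users\\bob\\todo.txt"
ts=2017-09-25T10:04:13Z host=WS01 pid=4388 parent=winword.exe image=C:\\Windows\\System32\\cmd.exe cmd="cmd.exe /c vssadmin.exe delete shadows /all /quiet"
ts=2017-09-25T10:04:14Z host=WS01 pid=4390 parent=cmd.exe image=C:\\Windows\\System32\\bcdedit.exe cmd="bcdedit /set {default} bootstatuspolicy ignoreallfailures"
ts=2017-09-25T10:04:14Z host=WS01 pid=4391 parent=cmd.exe image=C:\\Windows\\System32\\bcdedit.exe cmd="bcdedit /set {default} recoveryenabled no"
ts=2017-09-25T10:04:20Z host=WS01 pid=4402 parent=cmd.exe image=C:\\Windows\\System32\\sc.exe cmd="sc stop WinDefend"
ts=2017-09-25T11:30:00Z host=WS02 pid=812 parent=services.exe image=C:\\Windows\\System32\\vssadmin.exe cmd="vssadmin list shadows"
"""

LINE_RE = re.compile(
    r'ts=(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) parent=(?P<parent>\S+) '
    r'image=(?P<image>\S+) cmd="(?P<cmd>[^"]*)"'
)

# Each rule: (name, predicate over a parsed event, weight). Weights let a single
# benign admin action (e.g. listing shadows) stay below the alert threshold while
# the combination seen during a ransomware run adds up quickly.
RULES = [
    ("shadow_copy_deletion",
     lambda e: re.search(r"vssadmin(\.exe)?\s+delete\s+shadows", e["cmd"], re.I) is not None, 5),
    ("boot_recovery_suppression",
     lambda e: re.search(r"bcdedit(\.exe)?\s+/set.*(bootstatuspolicy\s+ignoreallfailures|recoveryenabled\s+no)",
                         e["cmd"], re.I) is not None, 3),
    ("defender_service_stop",
     lambda e: re.search(r"\bsc(\.exe)?\s+stop\s+WinDefend\b", e["cmd"], re.I) is not None, 3),
    # A shell spawned by an Office application matches the email-attachment delivery
    # path the article mentions; on its own it is weak, so it carries a low weight.
    ("office_spawned_shell",
     lambda e: re.match(r"(winword|excel|powerpnt)\.exe$", e["parent"], re.I) is not None
     and e["image"].lower().endswith("\\cmd.exe"), 2),
]


def parse_log(text):
    """Parse the key=value lines into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def match_rules(event):
    """Return the (name, weight) pairs of every rule the event satisfies."""
    return [(name, weight) for name, pred, weight in RULES if pred(event)]


def score_hosts(events, threshold=8):
    """Aggregate rule hits per host and return only hosts at or above `threshold`."""
    per_host = {}
    for ev in events:
        for name, weight in match_rules(ev):
            entry = per_host.setdefault(ev["host"], {"score": 0, "hits": []})
            entry["score"] += weight
            entry["hits"].append((ev["ts"], ev["parent"], name))
    return {host: e for host, e in per_host.items() if e["score"] >= threshold}


if __name__ == "__main__":
    for host, entry in score_hosts(parse_log(SAMPLE_LOG)).items():
        print(host, entry["score"])
        for ts, parent, rule in entry["hits"]:
            print("  ", ts, parent, rule)
```

The constructed WS02 line (`vssadmin list shadows` launched by a service) is there to show why plain string matching on `vssadmin` is noisy: it scores nothing, while WS01 crosses the threshold on the shadow deletion alone plus the two boot-policy changes. Because these commands run on the host after compromise, an alert from this logic is a containment trigger (isolate the host, check the shares it can reach, verify off-host backups), not a substitute for the remote backups the article recommends.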
Since the Shark01@msgden.com Ransomware can operate without needing an Internet connection, users should be careful of spreading this threat to normally-secure systems. The Shark Ransomware has no worm-based features for copying itself to removable devices, but threat actors may install it on other PCs over a local network manually or use alternative means of distributing it. Businesses with high volumes of financially-valuable digital content and limited security protocols are preferred targets for Trojan campaigns of this type and should use dedicated anti-malware programs for deleting the Shark Ransomware before it can cause any additional harm to a compromised PC.
Like the Empty Ransomware, the Zayka Ransomware, and others before it, the Shark Ransomware is an aggressive showing of threat actors' work ethic in play. With the latest models at the forefront of digital extortion campaigns, unplugging your Internet connection is no longer enough to stop the attacks of Trojans like the Shark Ransomware.