Tastylock Ransomware
Posted: January 2, 2018
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 2 |
| First Seen: | March 29, 2023 |
| Last Seen: | March 30, 2023 |
| OS(es) Affected: | Windows |
The Tastylock Ransomware is a variant of the Revenge Ransomware branch of the CryptMix Ransomware, a Trojan that attempts to lock your files so that it can hold them for ransom. Symptoms include having your media files made unusable and renamed, seeing text-based messages with extortion-based instructions, and having problems accessing some Windows security features. Users should try non-premium ways of recovering their data and uninstall the Tastylock Ransomware from any compromised PC with a professional anti-malware product.
The New Taste of Old Trojan Problems
The Ransomware-as-a-Service means of doing business is serving the CryptMix Ransomware (also called 'CryptoMix') well, with malware experts seeing new versions of this Trojan with a high degree of regularity. Although old versions are vulnerable to decryption solutions that make their extortion attempts much less relevant to the victims than usual, new ones, like the Tastylock Ransomware from the Revenge Ransomware fork, aren't necessarily as compatible. Infection methods for the Tastylock Ransomware's campaign include Italian-language components and archive compression to obscure its identity.
The Tastylock Ransomware uses AES in CBC mode for its primary file-locking feature, which scans the infected computer for media (particularly text documents, but also other data types, such as pictures or archives) to encipher and block. The Tastylock Ransomware also overwrites the names of these files with a thirty-two character string of random characters and places a '.tastylock' extension at the end. Although the Tastylock Ransomware's payload does include additional, anti-security features similar to the rest of its family, malware experts warn that users should anticipate a few symptoms while this attack takes place.
Secondly, the Tastylock Ransomware creates a Notepad file showing its threat actor's simple demands: contacting an e-mail address for bargaining, which, usually, entails paying a cryptocurrency or voucher-based ransom. Because the Tastylock Ransomware customizes its encryption method with a local, RSA-based key, the users can't unlock their files with a generic decryption program that's available elsewhere.
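The rename pattern described above (a thirty-two character name followed by '.tastylock') can be used to scope which folders an infection touched. The following triage script is an added example, not code from the original article or from any vendor tool; it assumes the random characters are ASCII letters and digits, which the article does not specify, and its sample file names are constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Assumption: the 32 "random characters" are ASCII letters/digits; the
# article does not state the alphabet. Extension match is case-insensitive.
RENAMED = re.compile(r"[0-9A-Za-z]{32}\.tastylock", re.IGNORECASE)


def is_tastylock_name(filename):
    """True if a bare file name fits the rename pattern described above."""
    return RENAMED.fullmatch(filename) is not None


def scan_tree(root):
    """Count matching files per directory; file contents are never opened."""
    hits = Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        count = sum(1 for name in files if is_tastylock_name(name))
        if count:
            hits[dirpath] = count
    return hits


def build_sample_tree(root):
    """Constructed sample data: two renamed files plus near-misses."""
    docs = os.path.join(root, "Documents")
    pics = os.path.join(root, "Pictures")
    stem_a = "AB12CD34" * 4          # 32 characters, constructed
    stem_b = "ef56ab78" * 4          # 32 characters, constructed
    layout = {
        docs: [stem_a + ".TASTYLOCK",   # match (upper-case extension)
               "report.docx",           # untouched file
               "notes.tastylock"],      # right extension, wrong stem length
        pics: [stem_b + ".tastylock",   # match
               stem_b + ".jpg"],        # right stem length, wrong extension
    }
    for directory, names in layout.items():
        os.makedirs(directory)
        for name in names:
            open(os.path.join(directory, name), "w").close()
    return docs, pics


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, count in sorted(scan_tree(tmp).items()):
            print(f"{count:4d}  {directory}")
```

Because the original file names are overwritten, the per-folder counts show where to prioritize restoring from backup rather than which documents were lost.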
Washing out the New Year's Flavor of Media Attacks
The Tastylock Ransomware has many of the old features that the CryptMix Ransomware's threat actors use for guaranteeing that their payloads go off without any interference. These secondary functions include erasing local SVC backups and deactivating some security solutions like the Windows Defender program. These side effects also place your PC in a heightened state of vulnerability to other attacks until you remove the infection and reverse all incidental changes associated with it.
Although malware experts can't confirm that Italian-speaking users are the only victims at risk, the Tastylock Ransomware's campaign is one of many from a family that often uses system-compromising exploits specific to corporations and smaller business networks. You may see this threat arrive in an e-mail attachment or a remote attacker may install it after brute-forcing the login combination of a server. Sound password management can lower the rates of success from the latter, and anti-malware programs can protect you from the former, along with deleting the Tastylock Ransomware during or after its attempted attacks.
The Tastylock Ransomware's authors, wielding such Trojans as Exte Ransomware, the MOLE Ransomware, and the newest Work Ransomware, are rotating through their data-locking methods much more quickly than those of projects like the semi-static Hidden Tear. Anyone with files worth keeping will not want to assume that they can always save their files for free, especially if they don't have backups to fall back on.