
WinSec Ransomware

Posted: April 13, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 42
First Seen: April 13, 2017
Last Seen: October 18, 2020
OS(es) Affected: Windows

The WinSec Ransomware is a file-encrypting Trojan whose code is based primarily on the Hidden Tear family. Its attacks can block your PC's files from opening and display interactive pop-ups that may ask for ransom money. PC users whose anti-malware protection blocks or deletes the WinSec Ransomware by default can protect their files preemptively, while having a remote backup can prevent any data-ransoming scenario efficiently.

Another Tear Falls with Some Extra Sparkle

Threat actors who borrow other people's code to launch threat campaigns aren't usually known for putting more than the bare minimum of effort into their attacks. Periodically, however, some of them make updates to enhance either the appearance or the functionality of the end product. The WinSec Ransomware is one such piece of threatening software: a Hidden Tear-based Trojan whose ransoming methods are upgraded slightly from the expected standards of that family.

Not every function of the WinSec Ransomware shows large changes from past Hidden Tear Trojans like the Kampret Ransomware or the Barrax Ransomware. Just as they do, the WinSec Ransomware enumerates your local drives to find files to hold hostage by encrypting them, with examples of victimized data including DOC or PDF documents, XLS spreadsheets and JPG pictures. The WinSec Ransomware also retains the extension-appending feature and adds the popular '.locked' tag to the names of any media it encrypts.
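The file-naming behavior described above can be checked during triage. The following is an added example, not code from the original article or from any vendor tool: it walks a folder, finds files of the listed types that carry the '.locked' tag, and compares their first bytes with the expected file signature to separate encrypted files from ones that were only renamed. The function names and the sample files are constructed for illustration, and because '.locked' is a popular tag, a match indicates this style of encryption rather than the WinSec Ransomware specifically.

```python
import os
import tempfile

# Leading bytes of intact files for the types the article names (DOC/XLS are OLE2).
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".doc": OLE2, ".xls": OLE2}
TAG = ".locked"

def classify(path):
    """Return 'encrypted', 'renamed-only' or None for a single file."""
    name = os.path.basename(path).lower()
    if not name.endswith(TAG):
        return None
    inner_ext = os.path.splitext(name[:-len(TAG)])[1]  # e.g. ".pdf" in x.pdf.locked
    if inner_ext not in MAGIC:
        return None
    with open(path, "rb") as fh:
        head = fh.read(8)
    return "renamed-only" if head.startswith(MAGIC[inner_ext]) else "encrypted"

def triage(root):
    """Walk root and map each tagged file (relative path) to its verdict."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            verdict = classify(full)
            if verdict:
                findings[os.path.relpath(full, root)] = verdict
    return findings

def build_sample_tree():
    """Constructed sample data: three tagged files and one untouched file."""
    root = tempfile.mkdtemp(prefix="locked_triage_")
    samples = {
        "report.pdf.locked": b"\x8f\x12\xa4\x00\x91\x7e\x33\x5c",  # header gone
        "photo.jpg.locked": b"\xff\xd8\xff\xe0\x00\x10JFIF",        # still a JPEG
        "notes.txt.locked": b"plain text",                           # type not tracked
        "budget.xls": OLE2,                                          # no tag
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for rel, verdict in sorted(triage(build_sample_tree()).items()):
        print(f"{verdict:13} {rel}")
```

Files reported as 'encrypted' are the ones to restore from backup; 'renamed-only' files can usually be recovered by removing the tag.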

Malware experts noted significant alterations only in the ransom note that the WinSec Ransomware drops on the victim's desktop. Instead of being the usual Notepad text file, the WinSec Ransomware's message uses an interactive HTML interface with a built-in, three-step form for ransoming the decryption key from the Trojan's author. Portuguese is the WinSec Ransomware's only supported language so far, which puts regions like Brazil at a very high risk of being targets.

Wiping Up an Extortionist's Teardrops

Although the ease of use inherent in a more sophisticated GUI than a plain text message could increase the WinSec Ransomware's ransom-receiving rates, paying isn't necessarily any more beneficial for the infected PC's user. The threat actor may still withhold the decryption key without any risk of having to refund the ransom money. Additionally, the ransoming form could double as a way of phishing the victim's e-mail address for other attacks.

Backups are the most reliable data restoration option against threats of this type, although malware analysts warn that the WinSec Ransomware's family often deletes default Windows backups. Copy your media to portable storage devices or external servers to eliminate the chance of the WinSec Ransomware removing the backup while it's encrypting the originals. Different anti-malware products also can detect and delete the WinSec Ransomware as a threat before any encryption can occur.

Little data is available yet on how the WinSec Ransomware's threat actors are spreading it to new PCs. Anyone using Portuguese in their daily Web-browsing activities may wish to be cautious around infection vectors like suspicious e-mail attachments, and to use backups so that a new effort at ransoming unprotected data doesn't reward con artists for their hard work.
