Xampp Locker Ransomware
Posted: February 10, 2017
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 51 |
| First Seen | February 10, 2017 |
| OS(es) Affected | Windows |
The Xampp Locker Ransomware is a file-encryption Trojan that ransoms the data on your PC by encoding it and selling the decryption service back to you. Con artists may use several methods of distributing these threats, although e-mail is the preferred installation platform against vulnerable business entities. Backing your files up to a location not susceptible to these attacks and keeping anti-malware security tools for deleting the Xampp Locker Ransomware at the earliest opportunity are the counter-tactics malware experts are recommending.
The Name of Hidden Tear Continuing to be Not-So-Hidden
Trojans like the Hidden-Peach Ransomware and the UpdateHost Ransomware aren't the end of the Hidden Tear family, a formerly public example of Trojan code that is now the subject of recycling by different threat actors. New samples with all of the same features, such as the Xampp Locker Ransomware, appear in the threat landscape on a weekly basis. As far as malware experts can determine, the Xampp Locker Ransomware still seems to be in its testing phase, since it encrypts only a sample directory that is unlikely to be present on most PCs.
Hidden Tear-based Trojans like the Xampp Locker Ransomware use AES encryption to block the files of a PC, with some variation according to which formats the extortionist is targeting (such as DOCs or JPGs). Current versions of the Xampp Locker Ransomware encrypt only the 'xampp\htdocs\' directory, presumably as a test payload. The Trojan also appends the '.locked' extension to each locked filename, as previously seen in efforts like the UpdateHost Ransomware's campaign.
Usually, the victims of these attacks can find ransoming instructions in a TXT file that the Trojan drops either on their desktops or in the same directory as the encrypted content. Traditional ransom demands use such methods as Bitcoin that can prevent you from recovering the money, even if the con artist accepts it without helping you unlock your files.
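The two artefacts described above (files renamed with the '.locked' extension under the xampp\htdocs directory, and a TXT ransom note dropped beside them) are exactly what a defender can hunt for on a web server. The script below is an added example, not code from this write-up or from any vendor: it walks a directory tree, collects '.locked' files and small TXT files containing ransom-note vocabulary, and raises an alert when the share of renamed files passes a threshold or a locked file sits next to a note. The sample htdocs tree, the note wording and the thresholds are constructed for illustration.

```python
"""Hunt for Hidden Tear-style encryption artefacts on a web-server tree.

Added example (not from the original page). Indicators come from the
write-up: '.locked' renamed files under an htdocs directory and a TXT
ransom note. Sample tree, note text and thresholds are assumptions.
"""
import os
import tempfile
from dataclasses import dataclass, field

LOCKED_EXT = ".locked"                           # extension named in the write-up
NOTE_MARKERS = ("ransom", "decrypt", "bitcoin")  # assumed note vocabulary


@dataclass
class ScanResult:
    """Everything the scan found, so callers can alert or just report."""
    locked_files: list = field(default_factory=list)
    ransom_notes: list = field(default_factory=list)
    total_files: int = 0


def scan_tree(root: str) -> ScanResult:
    """Walk `root`, recording '.locked' files and small TXT files whose
    contents look like a ransom note. Large TXT files are skipped so a
    log directory does not slow the scan down."""
    result = ScanResult()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            result.total_files += 1
            lower = name.lower()
            if lower.endswith(LOCKED_EXT):
                result.locked_files.append(path)
            elif lower.endswith(".txt") and os.path.getsize(path) < 64 * 1024:
                with open(path, "r", errors="ignore") as fh:
                    text = fh.read().lower()
                if any(marker in text for marker in NOTE_MARKERS):
                    result.ransom_notes.append(path)
    return result


def is_encryption_event(result: ScanResult, min_locked: int = 3,
                        min_ratio: float = 0.2) -> bool:
    """Alert when a meaningful share of the tree carries the '.locked'
    suffix, or when any locked file coexists with a ransom note.
    Thresholds are assumptions to tune per environment."""
    if result.total_files == 0:
        return False
    ratio = len(result.locked_files) / result.total_files
    if len(result.locked_files) >= min_locked and ratio >= min_ratio:
        return True
    return bool(result.locked_files) and bool(result.ransom_notes)


def build_sample_htdocs() -> str:
    """Create a constructed xampp/htdocs tree mimicking a post-infection
    state: two untouched files, three '.locked' files and a ransom note."""
    root = tempfile.mkdtemp(prefix="xampp_sample_")
    htdocs = os.path.join(root, "xampp", "htdocs")
    os.makedirs(htdocs)
    sample = {
        "index.php": "<?php echo 'hello'; ?>",
        "style.css": "body { margin: 0; }",
        "index.php.locked": "ciphertext placeholder (constructed)",
        "config.php.locked": "ciphertext placeholder (constructed)",
        "logo.jpg.locked": "ciphertext placeholder (constructed)",
        "README.txt": "Your files are encrypted. Send Bitcoin to decrypt.",
    }
    for name, body in sample.items():
        with open(os.path.join(htdocs, name), "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    sample_root = build_sample_htdocs()
    res = scan_tree(sample_root)
    print(f"{len(res.locked_files)} locked files, "
          f"{len(res.ransom_notes)} ransom notes, "
          f"alert={is_encryption_event(res)}")
```

Run it against the real web root instead of the constructed sample (for example `scan_tree(r'C:\xampp\htdocs')`) from a scheduled task; the ratio threshold keeps a single stray '.locked' file from paging anyone, while the note-plus-locked-file rule still fires early when the Trojan has only started on a small directory, which matches the test-payload behaviour the write-up describes.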
The Easy Alternative to Paying for Your Possessions
Until malware researchers see attempts to spearhead installations of the Xampp Locker Ransomware into target systems, its distribution strategies are subject to speculation. However, the choice of marketing as a server-specific ransoming tool makes it more likely than not that its threat actors will distribute it by cracking workstation passwords or sending spam to already-harvested e-mail addresses. Monitor your RDP settings, keep active firewalls, rotate your passwords, and scan e-mail attachments with appropriate anti-malware tools to catch the Xampp Locker Ransomware in its ingress.
There is a decryptor for the Hidden Tear family that may make it unnecessary to pay the Xampp Locker Ransomware's admin before you can unlock your files. However, the frequent, minor revisions to the family can render old decryption solutions outdated. For a more guaranteed means of keeping your server's data safe, back it up to a drive not accessible to the Xampp Locker Ransomware's scans. Even if it poses no immediate threat to your information (such as due to its targeting an irrelevant folder), malware experts do recommend deleting the Xampp Locker Ransomware with anti-malware products due to it being a general security hazard.
Unless con artists find new resources that accomplish the same extortion campaigns for even less effort, Hidden Tear isn't going to stop being a recurring favorite for file-encrypting Trojans. New samples like the Xampp Locker Ransomware only underline why every employee and casual PC user should be making backups a part of their daily routine.