File spider ransomware Threatens To Delete Files If The Ransom Payment Is Not Paid Within 96 Hours

Information About File spider ransomware & Its Vicious Traits

Identified as a recently launched ransomware-type malware, File spider ransomware is a dangerous threat to Windows PCs that targets the computer systems of people located in the Balkan region, such as Herzegovina, Croatia, Serbia, Bosnia etc. Like several other malware infections of the same group, it spreads silently onto the targeted system without the user’s knowledge. Once installed, it begins encrypting the files stored on the PC and appends the ‘.spider’ extension to the end of each compromised file's name.

After the encryption procedure completes, File spider ransomware opens the File Spider [[email protected]] window, which serves as the ransom note. The developers of the threat demand that the ransom be paid within a 96-hour period (i.e., 4 days); otherwise the decryption key will be deleted, making decryption of the enciphered files impossible for the users. To ensure that victims have all the required information about the requested payment, the attackers also created a video tutorial on how to recover the enciphered files and uploaded it to vid.me. Experts report that the link to the video is indicated as ‘hxxp://spiderwjzbmsmu7y.onion’ in the ransom note.

However, cyber security specialists do not encourage victims to follow the attackers' rules, because according to them the attackers are not trustworthy at all and might exploit their advantage by increasing the ransom amount once the payment is made. It is therefore suggested to uninstall File spider ransomware and turn to alternative data recovery procedures.


In-depth Analysis of File spider ransomware Properties

File spider ransomware commonly gains entry to the targeted system through an email with the subject line ‘Potrazivanje dugovanja’, which means Debt Collection in English. The letter usually includes an Office Word document written in the Bosnian language that hides obfuscated macro code. When this document is opened, it launches Windows PowerShell.

PowerShell then downloads the File spider ransomware payloads, which are Base64-encoded and hosted on the free JavaScript hosting website yourjavascript.com. Once the download is complete, the ASCII string is decoded. The same framework then uses the AleberTI key in an XOR operation to decrypt the final payloads and store them in executable files.

Experts have identified two executables crafted for distinct purposes: enc.exe for data encryption and dec.exe for generating the ransom note, which urges users to make the requested payment to recover the corrupted files. The executables are stored in the %APPDATA%\Spider directory on the compromised PC.
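The infection chain described above, turned into a small triage check as an added example (not code from the original article or from any vendor): it flags Word launching PowerShell, lookups of yourjavascript.com, enc.exe or dec.exe written to %APPDATA%\Spider, and files renamed with the ‘.spider’ extension. The event field names, stage names and sample events are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any analysis host

# Indicators taken from the article text.
PAYLOAD_HOST = "yourjavascript.com"
DROPPED = {"enc.exe", "dec.exe"}

def classify(event):
    """Return the infection-chain stage an event matches, or None.
    The event schema (type/parent_image/image/query/path) is hypothetical."""
    kind = event.get("type")
    if kind == "process":
        parent = ntpath.basename(event.get("parent_image", "")).lower()
        child = ntpath.basename(event.get("image", "")).lower()
        if parent == "winword.exe" and child == "powershell.exe":
            return "macro_launches_powershell"
    elif kind == "dns":
        name = event.get("query", "").lower().rstrip(".")
        if name == PAYLOAD_HOST or name.endswith("." + PAYLOAD_HOST):
            return "payload_host_lookup"
    elif kind == "file":
        path = event.get("path", "").lower()
        folder, name = ntpath.split(path)
        in_drop_dir = ntpath.basename(folder) == "spider" and "\\appdata\\" in path
        if in_drop_dir and name in DROPPED:
            return "dropper_writes_executable"
        if name.endswith(".spider"):
            return "file_renamed_spider"
    return None

def triage(events):
    """Group matched stages per host; more distinct stages means higher confidence."""
    hits = {}
    for ev in events:
        stage = classify(ev)
        if stage:
            hits.setdefault(ev["host"], set()).add(stage)
    return hits

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed sample telemetry, not real logs
    {"host": "ws-01", "type": "process", "image": PS,
     "parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"host": "ws-01", "type": "dns", "query": "yourjavascript.com"},
    {"host": "ws-01", "type": "file", "path": r"C:\Users\ana\AppData\Roaming\Spider\enc.exe"},
    {"host": "ws-01", "type": "file", "path": r"C:\Users\ana\Documents\budget.xlsx.spider"},
    {"host": "ws-02", "type": "process", "image": PS, "parent_image": r"C:\Windows\explorer.exe"},
    {"host": "ws-02", "type": "file", "path": r"C:\Users\ivo\AppData\Roaming\Spotify\enc.exe"},
]

if __name__ == "__main__":
    for host, stages in triage(SAMPLE_EVENTS).items():
        print(host, sorted(stages))
```

A host that matches only one stage (for example a single lookup of the hosting site) deserves a look; a host that matches several stages in sequence should be isolated before encryption spreads to mapped shares.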

Since File spider ransomware is a brand new form of ransomware, no decryption tool has yet been developed for victims to recover the compromised files.
