|Name||Threat Finder Ransomware|
|Encryption Type||RSA 2048|
Year: 2015 January
Target: window Host
|Distribution Method||Spam mail, Angler exploit kit, fake downloads|
Threat Finder’s discovery means that online community was exposed to a fatal malware that targets personal files and folders, encrypting them and asking ransom for decryption. Also, it reaffirmed the fact that Cryptlocker ransomware was indeed never eliminated. On the contrary, it was just waiting to resurface with another name.
Threat Finder is ransomware conveyed by means of fake downloads (rebel media players, fake Flash redesigns, and so forth.), tainted email messages, and especially by means of the Anger Exploit Kit. The Threat Finder infection can taint all windows working frameworks including Windows XP, Windows Vista, Windows 7, and Windows 8. Once the framework is effectively penetrated, Threat Finder encodes all records put away on the hard drive including *.txt, *.html, *.doc, *.docx, *.jpg, *.png, and numerous others. Not at all like other comparable contaminations, Threat Finder does not change the names of scrambled records, and in this manner, the main sign that your documents have been encoded is the point at which you can't open and show them effectively. Subsequent to scrambling documents, this ransomware makes a HELP_DECRYPT.HTML record on the casualty's desktop, which is then opened with the default Internet program. Clients are requested to pay a 1.25 BTC buy-off in the bitcoin cash (around US$300) to recapture control of their encoded records.
The chain process of the threat finder are as shown
Step 1: The client saw a compromised site that creates a background activity for Angler misuse pack.
Step 2: The powerless Windows host was infected by the Angler abuse unit.
Step 3: The exploit kit sent Bedep malware, generally seen from Angler.
Step 4: Bedep downloades more malware, including Threat Finder.
Step 5: Threat Finder scrambled the client's close to home records and showed directions to recoup the information.