It does not happen all that often security researchers come across a new type of bitcoin ransomware that can easily be decrypted. Schwerer, a recently discovered type of malware, is one of these rare exceptions, though. It is officially labeled as a Trojan Horse, yet it does require victims to pay a ransom in bitcoin. Luckily, it is quite easy to get rid of this specific malware without paying anything.
Schwerer Is Not A Real Threat
The Schwerer ransomware Trojan was first discovered last week, and it caused quite a stir among security researchers. As one would expect, this Trojan is designed to infiltrate computers and networks and start encrypting content on hard drives almost immediately. In most ransomware cases, victims would be forced to pay the ransom in bitcoin as there is no other way to restore file access. This is where Schwerer falls woefully short, although no one will consider that to be a negative thing by any means.
On the surface, Schwerer does everything you would expect from a new type of ransomware. It spreads through email attachments and BitTorrent downloads, in the hopes of infecting as many computers as possible in the process. Once the ransomware payload is downloaded onto a computer, it will start encrypting all the important files. Users are also greeted with a Schwerer pop up window, informing the victim of how their system has been compromised by malware.
Security experts feel Schwerer is designed to carry out a “Blitzkrieg attack” on its victims. The encryption of all files takes place in the background, and the malware will try to evade detection for as long as possible. The ransomware strain also adds a Registry key to the Windows operating system, which should – in theory – make it nearly impossible to get rid of the malware without paying the ransom. Speaking of which, Schwerer demands a 150 EUR – or US$161 – ransom which has to be paid in bitcoin.
However, it appears there is absolutely no reason for victims to pay the bitcoin ransom whatsoever. A free decryption tool for Schwerer exists already, which virtually nullifies the malware’s chance of success. It is rather uncommon to see new types of ransomware getting decrypted so quickly, especially when considering the malware has only infected a few dozen computers so far. It appears this is all due to sloppy work by the developers.
New #Autoit-based #Ransomware #Schwerer request €150. Decryptable.https://t.co/w9w5X1TD4C pic.twitter.com/HhWgIqzDmV
— Jiri Kropac (@jiriatvirlab) April 15, 2017
This free Schwerer ransomware decryptor is developed by Jiri Kropac, a well-known security expert. Considering how the ransomware itself is developed in Autoit, that is not entirely surprising either. One could say Schwerer is an unprofessional attempt at creating a new type of malware. Considering how there are so many online tools to create custom versions of ransomware, it is not entirely unexpected there will be some “less potent” types of malware. In fact, that is a positive development, as this free decryptor will save a lot of people some money.
In the end, it is important to remember not all ransomware types will be successful in earning money for its developers. Using AutoIt to create a new type of ransomware doesn’t seem to be the right way to go right now, that much is evident. Then again, there are so many different types of malware in circulation, it is only a matter of time until a new major threat is discovered.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.
