What is Smash Ransomware?
Cyber security experts at Anti-spyware-101.com have recently tested a highly malicious application called Smash Ransomware. They recommend that you remove it as soon as possible because it might encrypt your files. We say “might” because it currently cannot do this, but that can change at any time. Even though it is unable to encrypt your files, it can perform several malicious activities. We found that it is capable of blocking access to Registry Editor and Task Manager. In this article, we are going to discuss what this malware does, how it is distributed and how you can remove it. So if you are interested, then please continue reading.
What does Smash Ransomware do?
While some ransomware-type applications are used to lock the computer and prevent the victim from using it altogether, others are designed to encrypt files stored on the computer. Smash Ransomware was designed to encrypt files, but our malware analysts say that it does not do that. Even though it connects to its Command and Control (C&C) server, it does not receive instruction to encrypt the files.
Nevertheless, if it is launched on a computer, it will open its Graphical User Interface window which is a simple dialog box named Smash. It features a progress bar that goes from 0 to 100 % and the message below states “Welcome. If you don’t pay us for a key within the progressbar is 100% we will delete ALL of your files forever.” However, when the progress bar reaches 100 % it does not delete the files which are very good news indeed. Another thing to note is that even if it encrypted the files, there would be no way to contact the cyber criminals or pay the ransom because it does not drop a ransom note with instructions.
Even though Smash Ransomware is unable to encrypt the files, it can, however, block certain Windows applications from running. Our researchers say that it was designed to prevent the victim from launching Task Manager because it can be used to terminate this ransomware's executable. It was also designed to block the user from accessing Registry Editor because deleting Smash Ransomware’s point of execution will prevent it from running on the next system startup.
Where does Smash Ransomware come from?
Our malware analysts have received information that this ransomware distributed through malicious emails that are probably sent from a dedicated server to random users. There is no information about the region in which Smash Ransomware is set to be distributed, but since it was clearly developed by non-English speaking developers, but its text is in English, researchers say that it should be distributed globally or at least in the Western hemisphere.
In any case, the emails are said to feature this ransomware as a file attachment that can masquerade as an invoice, receipt, tax return form or some other kind of document file that is usually sent via email. The malicious file is set to drop this ransomware’s executable when opened. Take note that this ransomware can be dropped in any location on your computer. Moreover, its executable is said to be named randomly and can pose a legitimate Windows or third-party service. Therefore, detecting it on your own may prove to be a challenge.
How to remove Smash Ransomware?
Our research has revealed that Smash Ransomware can be a highly problematic infection that could infect your computer by stealth and encrypt your personal files. However, the good news is that it does not work (at least for now.) Therefore, we recommend that you take action against it immediately, provided that it has entered your PC. Our researchers have prepared a removal guide that will help you get rid of it for good. We consider it a manual removal guide, but to make things easier we recommend using SpyHunter’s free scan feature to detect this malicious application.
Removal Guide
- Go to http://www.anti-spyware-101.com/download-sph
- Download SpyHunter-Installer.exe and run it.
- Run the installed application.
- Select Scan Computer Now!
- Press Windows+E keys.
- Enter the file path of the malicious file(s) in the File Explorer’s address box and hit Enter.
- Right-click the malicious file(s) and click Delete.
tested removal of Smash Ransomware*
0 Comments.