Smash! Targets Windows OS and its distribution method is currently unknown. This variant threatens to “kill” its victim’s files and, after displaying a series of pop-up error messages, it displays a screen that includes a “File Kill Timer.” This screen includes a message claiming that all of the victim’s files will be deleted “forever” if payment is not received before the progress bar reaches 100 percent. It also prompts the victim to enter a 7-digit code provided by the attacker upon receipt of payment. Researchers have determined that this is a poorly coded variant or one that is still in development as the button provided on the instruction screen is not actually functional. In addition, Smash! does not have the capability of deleting files, but it is capable of blocking Regedit, Task Manager, and the command prompt from running. Smash! does not maintain persistence so a simple reboot of the infected system will get rid of these screens but a full system scan by antivirus software is recommended to ensure this infection or any additional malware is removed.
- Bleeping Computer provides more information about Smash! here.
- No decryption tool is needed for Smash! as it does not encrypt files and can be cleared upon reboot.