
'.0ff File Extension' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: November 23, 2016
Last Seen: July 22, 2019
OS(es) Affected: Windows

The '.0ff File Extension' Ransomware is an encryption ransomware Trojan that is used to extort computer users. It first appeared in November of 2016 and is a variant of an older family of ransomware commonly known as BitMessage, which preceded larger, more recent families such as Locky and Crysis. The '.0ff File Extension' Ransomware receives this name because it marks the files it encrypts with the extension '.0ff', as did a large number of similar ransomware Trojans that appeared in the same period.

How the '.0ff File Extension' Ransomware may Enter a Computer

The '.0ff File Extension' Ransomware is typically delivered in corrupted spam email attachments. A common method that con artists use to infect victims' computers with the '.0ff File Extension' Ransomware involves sending them Microsoft Office documents that have macros enabled. These macros exploit a vulnerability in these applications, which allows con artists to load threats like the '.0ff File Extension' Ransomware onto the victim's computer. The spam email messages used to distribute the '.0ff File Extension' Ransomware may use a social engineering component to trick the victim into opening the attached file. For example, the email may be disguised as a message from a bank, a social media platform or a messaging company.

The '.0ff File Extension' Ransomware Uses a Strong Encryption Method

Once the people responsible for the '.0ff File Extension' Ransomware manage to install this threat on the victim's computer, it will initiate its attack. The '.0ff File Extension' Ransomware is designed to encrypt the victim's files using an advanced encryption method that involves two encryption algorithms: one to encrypt the victim's data and the other to encrypt the decryption key itself. This allows third parties to hold the decryption key necessary to decode the victim's files, essentially taking them hostage. The files encrypted by the '.0ff File Extension' Ransomware will no longer be accessible without the decryption key.

The Ransom Demanded by the '.0ff File Extension' Ransomware

After the '.0ff File Extension' Ransomware has finished encrypting the victim's files, it displays a ransom note in the form of a text file that is dropped on the victim's Desktop. The file is named 'READNOW!!!.txt'. The contents of this text file are displayed below:

'Hello.
All your files have been encrypted using our private key. There is no way to recover them without our assistance.
If you want to get your files back, you must be ready to pay for them.
If you are ready to pay then follow the instructions:
1) Create an archive (rar or zip) with 3 files inside:
Secret.key + Secret.key2 (should be on your desktop) + Any encrypted file of a small size. It can be a .doc or .pdf or .xls or whatever you have. 5 mb max. Note that this file should have this extention: .0ff; please don`t put more than one file in the archive, one file is enough. If you can`t find Secret.key2, that`s OK. It will take just a little bit more time to restore your files, so you shouldn`t worry.
2) Upload this archive to any file sharing site. Dropbox, Google Drive, sendspace.com etc.
3) Go to http://bitmessage.org/ and download Bitmessage.
4) Run Bitmessage. Select 'Your Identities' tab. Then click New. Then click OK.
Then select 'Send' tab.
TO: BM-[34 random characters] (this is our address)
SUBJECT: I want my files back, you bastards! I`m ready to pay! (You can put your PC name here as well)
MESSAGE: Link to the archive with three files in it.
Then click Send.'

Do not Pay the '.0ff File Extension' Ransomware Ransom

Con artists are notorious for not keeping their word. PC security researchers do not advise paying the large ransom associated with the '.0ff File Extension' Ransomware. To protect against '.0ff File Extension' Ransomware attacks, computer users are advised to have backups of all files and to update the backups regularly.

File System Details

'.0ff File Extension' Ransomware may create the following file(s):

#   File Name   MD5                                Detections
1.  file.exe    217c23371f1d91e81beac74a759be045   2
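
The file-system indicators named in this entry (the '.0ff' extension, the 'READNOW!!!.txt' note, the 'Secret.key' and 'Secret.key2' files, and the MD5 listed for file.exe) can be swept for on a suspect host or a mounted disk image. The script below is an added example, not part of the original entry or of any vendor tool; the function names, the size cap, the restriction of hashing to '.exe' files and the 'likely/possible/clean' heuristic are assumptions made for the example.

```python
import hashlib
import os

# Indicators taken from this entry; everything else here is an assumption.
ENCRYPTED_EXT = ".0ff"
NOTE_NAME = "READNOW!!!.txt"
KEY_FILES = {"secret.key", "secret.key2"}
KNOWN_MD5 = {"217c23371f1d91e81beac74a759be045"}  # listed for file.exe
MAX_HASH_SIZE = 64 * 1024 * 1024  # assumed cap: skip hashing very large files


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks. MD5 is used only because the entry lists an MD5."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root):
    """Walk root and return {category: [paths]} for every indicator hit."""
    hits = {"encrypted": [], "note": [], "key_file": [], "known_binary": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()  # Windows file names are case-insensitive
            if lower.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(path)
            elif lower == NOTE_NAME.lower():
                hits["note"].append(path)
            elif lower in KEY_FILES:
                hits["key_file"].append(path)
            elif lower.endswith(".exe"):  # the dropper may be renamed; hash by content
                try:
                    small = os.path.getsize(path) <= MAX_HASH_SIZE
                    if small and md5_of(path) in KNOWN_MD5:
                        hits["known_binary"].append(path)
                except OSError:
                    continue  # locked or unreadable file: skip, keep sweeping
    return hits


def verdict(hits):
    """Example heuristic: hash match, or note plus .0ff files, is a strong signal."""
    if hits["known_binary"] or (hits["note"] and hits["encrypted"]):
        return "likely"
    return "possible" if any(hits.values()) else "clean"
```

Run `sweep()` against user profile directories first, since the note and key files are described as being placed on the Desktop.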