'.abc File Extension' Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 80 % (High) |
Infected Computers: | 1 |
First Seen: | January 22, 2016 |
Last Seen: | March 26, 2020 |
OS(es) Affected: | Windows |
The '.abc File Extension' Ransomware is one of the many variants of TeslaCrypt that have been released in the final weeks of 2015 and early 2016. The appearance of the '.abc File Extension' Ransomware and dozens of other TeslaCrypt variants coincides with two events: the release of TeslaCrypt 3.0, which removes a vulnerability that allowed PC security researchers to obtain the decryption key and help computer users recover their encrypted files, and the implementation of TeslaCrypt as RaaS (Ransomware as a Service.) Like other ransomware Trojans, the '.abc File Extension' Ransomware is designed to take the victim's files hostage, encrypting them using its encryption algorithm and demanding the payment of a ransom to release the decryption key that will make it possible affected computer users to recover the encrypted files.
How the '.abc File Extension' Ransomware Attack Works
An '.abc File Extension' Ransomware infection is not difficult to understand. The '.abc File Extension' Ransomware's approach is almost identical to the countless other ransomware variants that are currently active:
- The '.abc File Extension' Ransomware and its variants may be delivered using corrupted email attachments. Other typical threat delivery methods include the use of attack websites and fake files on file sharing networks.
- Once the '.abc File Extension' Ransomware has been opened, it scans the victim's hard drives and looks for files to encrypt. The '.abc File Extension' Ransomware and other TeslaCrypt variants are known for targeting video game files besides the more common file formats targeted by most encryption ransomware. The following are the types of files that are encrypted by the '.abc File Extension' Ransomware:
- Using AES encryption, the '.abc File Extension' Ransomware encrypts files with the above extensions.
- PC security researchers have observed that the '.abc File Extension' Ransomware also deletes Shadow Volume copies of these files as well as System Restore points, which makes it impossible to recover the encrypted files using these alternate methods. Without the decryption key, it is almost impossible to decrypt files that have been encrypted by the '.abc File Extension' Ransomware, which uses AES encryption.
- The '.abc File Extension' Ransomware delivers the news of the attack to the computer user by dropping text files in the directories where the files were encrypted. The '.abc File Extension' Ransomware also may change the affected PC's wallpaper or desktop image. Below is a common ransom message used by the '.abc File Extension' Ransomware and other variants of this threat:
.7z; .rar; .m4a; .wma; .avi; .wmv; .csv; .d3dbsp; .sc2save; .sie; .sum; .ibank; .t13; .t12; .qdf; .gdb; .tax; .pkpass; .bc6; .bc7; .bkp; .qic; .bkf; .sidn; .sidd; .mddata; .itl; .itdb; .icxs; .hvpl; .hplg; .hkdb; .mdbackup; .syncdb; .gho; .cas; .svg; .map; .wmo; .itm; .sb; .fos; .mcgame; .vdf; .ztmp; .sis; .sid; .ncf; .menu; .layout; .dmp; .blob; .esm; .001; .vtf; .dazip; .fpk; .mlx; .kf; .iwd; .vpk; .tor; .psk; .rim; .w3x; .fsh; .ntl; .arch00; .lvl; .snx; .cfr; .ff; .vpp_pc; .lrf; .m2; .mcmeta; .vfs0; .mpqge; .kdb; .db0; .DayZProfile; .rofl; .hkx; .bar; .upk; .das; .iwi; .litemod; .asset; .forge; .ltx; .bsa; .apk; .re4; .sav; .lbf; .slm; .bik; .epk; .rgss3a; .pak; .big; .unity3d; .wotreplay; .xxx; .desc; .py; .m3u; .flv; .js; .css; .rb; .png; .jpeg; .txt; .p7c; .p7b; .p12; .pfx; .pem; .crt; .cer; .der; .x3f; .srw; .pef; .ptx; .r3d; .rw2; .rwl; .raw; .raf; .orf; .nrw; .mrwref; .mef; .erf; .kdc; .dcr; .cr2; .crw; .bay; .sr2; .srf; .arw; .3fr; .dng; .jpeg; .jpg; .cdr; .indd; .ai; .eps; .pdf; .pdd; .psd; .dbfv; .mdf; .wb2; .rtf; .wpd; .dxg; .xf; .dwg; .pst; .accdb; .mdb; .pptm; .pptx; .ppt; .xlk; .xlsb; .xlsm; .xlsx; .xls; .wps; .docm; .docx; .doc; .odb; .odc; .odm; .odp; .ods; .odt.
Your personal files are encrypted!
Your files have been safely encrypted on this PC: photos, videos, documents, etc. Click "Show Encrypted Files" button to view a complete list on encrypted files, and you can personally verify this.
Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.