ABOUT FILES! Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 13,143 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 12,439 |
| First Seen: | June 18, 2015 |
| Last Seen: | December 31, 2025 |
| OS(es) Affected: | Windows |
The ABOUT FILES! Ransomware is a ransomware infection that will encrypt the victim's files and block all access to the infected computer. If you find a text file named ABOUT FILES! in every folder on your computer and your files renamed to include the string 'error_', this indicates that your computer has become infected with the ABOUT FILES! Ransomware. The infection is caused by a Trojan that is distributed online using typical threat distribution methods (such as spam email messages and attack websites). Ransomware infections like the ABOUT FILES! Ransomware have become increasingly popular as a way of forcing computer users to pay hefty ransoms. Although the ABOUT FILES! Ransomware, like traditional viruses and Trojans, can be removed using a reliable security program, the victim's files will remain encrypted, requiring payment for a decryption key. Unfortunately, encryption carried out by ransomware infections like the ABOUT FILES! Ransomware is nearly impossible to break without the encryption key, meaning that the best protection against a threat like the ABOUT FILES! Ransomware is to keep a backup of any important files on a computer as a preventive measure.
The Damaging Consequences of the ABOUT FILES! Ransomware and Similar Infections
The ABOUT FILES! Ransomware is designed to take a computer hostage, preventing computer users from accessing their files. The ABOUT FILES! Ransomware essentially prevents computer users from retrieving the affected files if they do not possess the decryption algorithm. The ABOUT FILES! Ransomware uses a characteristic ransom note, which reads as follows:
'Hi guys! We have bad news for you.
Your files have been crypted by 2 popular alghoritms - AES and RSA. Only we have private RSA key
All crypted files now starting with "error_":
You can buy our decryptor that will recover all your files. You need:
1) Send us 3 bitcoins on our bitcoin address [edited] (Now 1 bitcoin approximately = 230 usd)
Only we and you know about this address, so we will understand that its your payment.
2) Send us your unique identificator on our mail dogdog@ruggedinbox.com
3) Wait 1,2... or 24 hours and we will send you decryptor (it is very easy to use it - you
need only run decryptor executable file and wait 5-10 hours and all files will be decrypted)
If we dont anwser on your letter more than 1 day then make your own mail account on www.ruggedinbox.com
(This action is very simple and takes 1-2 minutes) and send us your letter again
(some mail servers (for example hotmail.com and outlook.com) blocking letters to www.ruggedinbox.com)
Your unique identificator: [edited]
You can use one of those sites to change your money to bitcoins:
www.btc.my
www.cryptomarket.my
https://bitx.my/market
www.bitcoinmalaysia.com
www.goldux.com
www.kraken.com
www.bitquick.co
www.howtobuybitcoins.info
www.bestchange.com
You dont need install any bitcoin software - you need only find bitcoin exchange service (also you can try find it here for your country - www.google.com)
Additional information: before payment you can send us one small file (not bigger than 300Kb).
and we will decrypt it before payment (also you need send us your unique identificator).
After that, we think that it will be evedent that we have the program that can decrypt your files.
We dont want to destroy your files! We only need some money!'
Note the huge amount of the ransom. While most ransomware attacks previously asked for one Bitcoin in payment, the ABOUT FILES! Ransomware has jumped all the way to three Bitcoin! In some cases, it is possible to retrieve the encrypted files using special tools such as a Shadow Volume Explorer. However, in most cases the files encrypted by the ABOUT FILES! Ransomware are completely inaccessible. Unfortunately, computer users have no guarantee that the people responsible for the ABOUT FILES! Ransomware attack will follow through on their promise to restore the encrypted files after the ransom is paid.
Preventing the ABOUT FILES! Ransomware Attacks
Our PC security analysts strongly advise computer users to take steps to protect themselves from ransomware in the future. Attacks like the ABOUT FILES! Ransomware can be prevented or ameliorated if computer users take the following steps:
- Keep adequate backups of all important files on a different system or the cloud.
- Exercise caution when browsing the Web and avoid suspicious websites or opening unknown links and files.
- Use a reliable security program that is always up-to-date to protect your computer from attacks.
Analysis Report
General information
| Family Name: | Trojan.Malpack.CCJ |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
| MD5: | 66f2efb4172581971a8e75c50134a4bf |
|---|---|
| SHA1: | 7b3477a1fa49ba6c0b19aaeaddedeab680c6e13c |
| SHA256: | FAA27B74215AC29C98C4812E92F4925D0A68A58BB94302F32D27472C68C05744 |
| File Size: | 513.54 KB, 513536 bytes |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have relocations information
- File doesn't have security information
- File has exports table
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Copyright | Copyright (C) 2020, fotc |
| File Version | 1.0.0.1 |
File Traits
- HighEntropy
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 533 |
|---|---|
| Potentially Malicious Blocks: | 5 |
| Whitelisted Blocks: | 522 |
| Unknown Blocks: | 6 |