Aperfectday2018 Ransomware

The Aperfectday2018 Ransomware is a ransomware Trojan that carries out a typical version of these attacks. The Aperfectday2018 Ransomware was first observed on November 5, 2018. The Aperfectday2018 Ransomware is delivered to victims via spam email attachments. Once installed, the Aperfectday2018 Ransomware takes the victim's files hostage to demand a ransom payment.

Some Particularities of the Aperfectday2018 Ransomware Attack

The Aperfectday2018 Ransomware uses the AES encryption to make the victim's files inaccessible. The Aperfectday2018 Ransomware targets the user-generated files, which may include files with the file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

After the Aperfectday2018 Ransomware finishes encrypting the files they will be marked with a prefix, the string '(enc)' added to the beginning of each affected file's name.

The Aperfectday2018 Ransomware's Ransom Demands

The Aperfectday2018 Ransomware attacks seem to be targeted at computer users located in Denmark. The Aperfectday2018 Ransomware delivers a ransom note in the form of a text file named 'aboutYourfiles.txt,' which contains the following ransom message:

'Hi. Thank you for using my program. If you're reading this, a lot of your files have been encrypted. To decrypt them, you need my decryption program. For this, I want 25 000 sek, I want them in bitcoin. Email me when you've paid with details about the transaction. I'll give you two days.
If you have not paid in two days(from the day you received the email), It will cost 1000 sek more per day.
If I have not heard from you after five days (from the day you received the email), I assume your files are not that
important to you. So I'll delete your decryption-key, and you will never see your files again.
After the payment, email me the following information:
* the bitcoin address you sent from (important, write it down when you do the transaction)
* the ID at the bottom of this document (this is important!! Otherwise I don't know which key belongs
to you).
Then I will send you the decryption-program and provide you with instructions of how to remove
the virus if you have not already figured it out.
Email:
aperfectday2018@protonmail.com
Bitcoin adress:
1LX3tBkW161hoF5DbGzbrm3sdXaF6XHv2D
Make sure to get the bitcoin adress right, copy and paste and double check. If you send the bitcoin
to the wrong adress, it will be lost forever. You cant stop or regret a bitcoin transaction.
IMPORTANT:
Do not loose this document. You also have a copy of it on your desktop.
Do NOT change any filenames!!! !!!
Thank you for the money, it means a lot to me.
ID: [random number]'

Malware specialists advise vehemently for computer users to refrain from paying the Aperfectday2018 Ransomware ransom and instead recover the affected files by replacing them with backup copies.