CommonRansom Ransomware

By GoldSparrow in Ransomware

The CommonRansom Ransomware is an encryption ransomware Trojan that was first released on October 30, 2018. It seems to be developed by a criminal group that delivers the threat directly to its targets. The criminals responsible for the CommonRansom Ransomware attack scan the Web for servers with poor security and then use brute-force attacks to attempt to install the CommonRansom Ransomware on the targeted servers. Once installed, the CommonRansom Ransomware takes the victims' data hostage and demands a ransom payment.

The CommonRansom Ransomware is Very Similar to Countless Other Encryption Trojans

The CommonRansom Ransomware attacks mainly target small and medium businesses with vulnerable devices. The CommonRansom Ransomware uses AES and RSA encryption to make the victim's files inaccessible, and it encrypts a wide variety of file types. The following are examples of the files that threats like the CommonRansom Ransomware will commonly encrypt in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

After the CommonRansom Ransomware finishes encrypting the files, it marks them by adding the file extension '.[old@nuke.africa].CommonRansom' to the end of each affected file's name. The CommonRansom Ransomware delivers a ransom note in the form of a text file named 'DECRYPTING.txt,' which contains the following message:

'Hello dear friend,
Your files were encrypted!
You have only 12 hours to decrypt it
In case of no answer our team will delete your decryption password
Write back to our e-mail: old@nuke.africa
In your message you have to write:
1. This ID-345678901234567
2. [IP address]:PORT(rdp) of infected machine
3. Username:Password with admin rights
4. Time when you have paid 0.1 btc to this bitcoin wallet:
35M1ZJhTaTi4iduUfZeNA75iByjoQ9ibgF
After payment our team will decrypt your files immediatly
Free decryption as guarantee:
1. File must be less than 10MB
2. Only .txt or .lnk files, no databases
3. Only 5 files
How to obtain bitcoin:
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
h[tt]ps://localbitcoins[.]com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
h[tt]p://www.coindesk[.]com/information/how-can-i-buy-bitcoins/'

Dealing with a CommonRansom Ransomware Attack

Computer users are strongly advised not to contact the criminals responsible for the attack and not to pay the CommonRansom Ransomware ransom. The CommonRansom Ransomware may be counteracted with backup copies of your files, stored either on independent devices or in the cloud. It is also crucial to have a security program installed, which can intercept and remove the CommonRansom Ransomware threat before it can start encrypting files.
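
To scope what has to be restored from backup, the marker extension and ransom note name described above can be searched for on a copy of the affected volume. The following Python is an added example, not part of the original article; the function names and the sample tree built in demo() are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators quoted in the article above.
MARKER = ".[old@nuke.africa].CommonRansom"
NOTE_NAME = "DECRYPTING.txt"


def original_name(filename):
    """Return the pre-encryption file name, or None if the marker is absent."""
    if len(filename) > len(MARKER) and filename.lower().endswith(MARKER.lower()):
        return filename[:-len(MARKER)]
    return None


def triage(root):
    """Walk root; collect marked files, ransom notes and per-directory counts."""
    report = {"restore": [], "notes": [], "by_dir": Counter(),
              "by_ext": Counter(), "window": None}
    mtimes = []
    for dirpath, _dirs, names in os.walk(root):  # os.walk does not follow symlinks
        for name in names:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
                continue
            orig = original_name(name)
            if orig is None:
                continue
            report["restore"].append(os.path.relpath(os.path.join(dirpath, orig), root))
            report["by_dir"][os.path.relpath(dirpath, root)] += 1
            report["by_ext"][os.path.splitext(orig)[1].lower()] += 1
            mtimes.append(os.lstat(path).st_mtime)
    if mtimes:  # earliest and latest write times of the marked files
        report["window"] = (min(mtimes), max(mtimes))
    report["restore"].sort()
    return report


def demo():
    """Run triage over a constructed sample tree (file names are made up)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "finance"))
        for rel in ("finance/q3.xlsx" + MARKER, "finance/ledger.QBW" + MARKER,
                    "finance/" + NOTE_NAME, "readme.txt", "logo.png" + MARKER):
            with open(os.path.join(root, *rel.split("/")), "w") as fh:
                fh.write("x")
        return triage(root)
```

Run triage() against a read-only mount or a forensic image rather than the live server, so that file timestamps are not disturbed. The "restore" list gives the original relative paths to pull from backup, and "by_dir" shows which directories were reached.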
