'.fairytail File Extension' Ransomware

The '.fairytail File Extension' Ransomware is an encryption ransomware Trojan that is related to various ransomware Trojans that appeared in 2017. The '.fairytail File Extension' Ransomware infections were reported on March 6, 2018. There is very little to differentiate the '.fairytail File Extension' Ransomware infection from the numerous other encryption ransomware Trojans that follow the same tactic, encrypting victims' files and then demanding a ransom payment in exchange for the decryption key. The '.fairytail File Extension' Ransomware targets computers with a Russian keyboard layout, making it appear as if the '.fairytail File Extension' Ransomware was designed to target certain computer users in Russian speaking regions.

How the the '.fairytail File Extension' Ransomware Attacks a Computer

The '.fairytail File Extension' Ransomware is delivered to victims through the use of spam email messages. Victims of the attack will receive a spam email message with a file attachment containing embedded macro scripts that download and install the '.fairytail File Extension' Ransomware onto the victim's computer. These file attachments may appear as Microsoft Word files attached to email messages that impersonate legitimate senders such as banks, social media platforms or online retailers. Once installed, the '.fairytail File Extension' Ransomware will use the AES encryption to make the victim's files unusable. The '.fairytail File Extension' Ransomware will scan the victim's computer for a wide variety of files, encrypting them with its encryption algorithm. The following are some of the file types that may be targeted by the '.fairytail File Extension' Ransomware in its attack:

PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD.

Files
.DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF.

Encoded Files
.HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML.

Audio Files
.AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA.

Video Files
.3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG.

There are several versions of the '.fairytail File Extension' Ransomware attack that are nearly identical, but use different file extensions to mark files encrypted by the '.fairytail File Extension' Ransomware attack. While the '.fairytail File Extension' Ransomware marks the files encrypted by the attack with the file extension '.fairytail,' almost at the same time of the '.fairytail File Extension' Ransomware's release, a variant that renames the files by adding the file extension '.fname' was released.

Dealing with a '.fairytail File Extension' Ransomware Infection

Victims of the '.fairytail File Extension' Ransomware attack are instructed to communicate with the cybercrooks via several email accounts, depending on the variant of the attack. The email addresses below have been associated with the '.fairytail File Extension' Ransomware and its variants:

abu.khan@india.com, base1c1c1c@gmail.com, cryptolocker@aol.com, d_madre@aol.com, deskr1000@gmail.com, deskripshen1c@gmail.com, dorispackman@tuta.io, draggonblack@yahoo.com, drakosha_new@aol.com, gcaesar2@aol.com, help163btc@163.com, helpdecrypt123@gmail.com, hontekilla@aol.com, iizomer@aol.com, ivanivanov34@aol.com, load180@aol.com, madeled@mail.ru, masfantomas@aol.com, monica.moka@aol.com, mserbinov@aol.com, sishelp100@gmail.com, systemsinfo32@gmail.com, vpupkin3@aol.com, watnik91@aol.co

The '.fairytail File Extension' Ransomware delivers its ransom note in a text file named 'Readme.txt' that is dropped on the infected computer's desktop. Computer users should disregard the '.fairytail File Extension' Ransomware's ransom message and remove this threat with an effective security program. You should restore the files compromised by the '.fairytail File Extension' Ransomware attack from a backup copy stored on detachable devices (unfortunately, they will not be recoverable without the decryption key).