‘helpmeonce@mail.ru’ Ransomware

By GoldSparrow in Ransomware

The 'helpmeonce@mail.ru' Ransomware is an encryption ransomware Trojan that has been active since late February 2017. The 'helpmeonce@mail.ru' Ransomware encrypts its victims' files and demands that the victim pay a ransom in BitCoins to a BitCoin wallet linked to the email address that gave the 'helpmeonce@mail.ru' Ransomware its name. The 'helpmeonce@mail.ru' Ransomware uses a sophisticated encryption method that is designed to make the victim's files completely inaccessible. Once the victim's files have been encrypted by the 'helpmeonce@mail.ru' Ransomware, they are no longer recoverable without access to the decryption key, which the con artists hold in their possession. The most likely way in which the 'helpmeonce@mail.ru' Ransomware is being distributed is through corrupted files attached to spam email messages. These corrupted files frequently exploit vulnerabilities in macros to install the 'helpmeonce@mail.ru' Ransomware on the victim's computer.

The Unwelcome 'Help' Provided by the 'helpmeonce@mail.ru' Ransomware

The 'helpmeonce@mail.ru' Ransomware uses an attack that is similar to most other encryption ransomware Trojans. The 'helpmeonce@mail.ru' Ransomware uses a combination of AES-256 and RSA-1024 encryption to make the victim's files unusable. The 'helpmeonce@mail.ru' Ransomware will encrypt files on the victim's hard drive, as well as on external memory devices connected to the infected computer and in directories shared on a network. Most ransomware Trojans will either target high-profile targets such as Web servers or corporate networks, or they will target individual computer users and home PCs. This second group seems to be the main target of the 'helpmeonce@mail.ru' Ransomware attack, considering the file formats that the 'helpmeonce@mail.ru' Ransomware targets, as well as the ransom payment method and amount. After examining the 'helpmeonce@mail.ru' Ransomware, PC security researchers have concluded that the 'helpmeonce@mail.ru' Ransomware will encrypt the following file types (among others) found on the victim's computer:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

Encrypting the files targeted by the 'helpmeonce@mail.ru' Ransomware will not stop Windows from operating correctly, since the attack depends on Windows remaining operational to deliver the ransom note to the victim. The 'helpmeonce@mail.ru' Ransomware delivers its ransom note in text files dropped on the victim's computer. The files encrypted by the 'helpmeonce@mail.ru' Ransomware are easy to identify since the 'helpmeonce@mail.ru' Ransomware will add the extension '.cfk' or '.lfk' to the affected files.

Dealing with a 'helpmeonce@mail.ru' Ransomware Infection

The 'helpmeonce@mail.ru' Ransomware's ransom note is delivered in text files named '#_DECRYPT_ASSISTANCE_#.txt' and 'ASSISTANCE_IN_RECOVERY.txt' dropped on the victim's computer. The 'helpmeonce@mail.ru' Ransomware asks for a ransom of one BitCoin, which is near $1200 USD at the current exchange rate. However, computer users are strongly advised against paying the 'helpmeonce@mail.ru' Ransomware ransom. Paying is not recommended because it allows these people to continue developing threats. Apart from this, there is no guarantee that the people responsible for the 'helpmeonce@mail.ru' Ransomware will keep their word and deliver the decryption key necessary to recover the affected files. The best protection against threats like the 'helpmeonce@mail.ru' Ransomware is to have backups of all files on an external memory device that is not connected to the main computer. Having backups of all files and being able to recover the encrypted files from the backups directly means that the people responsible for the 'helpmeonce@mail.ru' Ransomware attack lose any leverage over the victim.
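The '.cfk' and '.lfk' extensions and the two ransom note file names described above can be used to scope an infection before restoring from backup. The following triage script is an added example, not code from the original article; it assumes the extension is appended to the original file name, and the `triage` and `build_sample_tree` names and the sample files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators quoted in the article text (compared case-insensitively).
ENCRYPTED_EXTS = {".cfk", ".lfk"}
NOTE_NAMES = {"#_decrypt_assistance_#.txt", "assistance_in_recovery.txt"}

def triage(root):
    """Walk root; report ransom notes, encrypted files and affected folders."""
    notes, encrypted, original_types = [], [], Counter()
    # os.walk silently skips directories it cannot read and does not
    # follow symlinks, so the scan stays inside the chosen tree.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() in NOTE_NAMES:
                notes.append(path)
            elif path.suffix.lower() in ENCRYPTED_EXTS:
                encrypted.append(path)
                # Assumption: the extension is appended (report.docx.cfk),
                # so the preceding suffix shows which file type was hit.
                original_types[Path(path.stem).suffix.lower() or "(none)"] += 1
    affected = sorted({str(p.parent) for p in notes + encrypted})
    return {"notes": notes, "encrypted": encrypted,
            "original_types": original_types, "affected_dirs": affected}

def build_sample_tree(base):
    """Constructed sample layout (not real victim data) for a dry run."""
    base = Path(base)
    for rel in ("docs/report.docx.cfk", "docs/ASSISTANCE_IN_RECOVERY.txt",
                "pics/photo.jpg.lfk", "pics/raw.LFK", "clean/notes.txt"):
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"constructed sample")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        print("ransom notes:", len(result["notes"]))
        print("encrypted files:", len(result["encrypted"]))
        print("original types:", dict(result["original_types"]))
        for folder in result["affected_dirs"]:
            print("affected:", folder)
```

Pointing `triage` at a mounted drive or network share lists the folders that need restoring from backup; the script only reads directory listings and does not open or modify any file.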
