Meteoritan Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 5,996
First Seen: March 27, 2017
Last Seen: November 7, 2020
OS(es) Affected: Windows
The Meteoritan Ransomware is an encryption ransomware Trojan that con artists use to force computer users to pay large amounts of money. The Meteoritan Ransomware attacks were first reported on March 22, 2017. PC security researchers suspect that the Meteoritan Ransomware is distributed through corrupted documents attached to spam email messages. These documents contain corrupted scripts that download and install the Meteoritan Ransomware on the victim's computer. Once the Meteoritan Ransomware enters a computer, it encrypts the victim's files with a strong encryption algorithm and then demands the payment of a ransom in Bitcoin. Threats like the Meteoritan Ransomware pose a serious risk to computer users' data. Once the Meteoritan Ransomware encrypts the files, they become unrecoverable, and it will be necessary to restore them from a backup copy.
How the Meteoritan Ransomware can Lock Your Files
The Meteoritan Ransomware takes its name from a logo that it shows to the victim in its ransom note. This message includes the text 'the Meteoritan Ransomware' and uses a logo that is orange and red. The Meteoritan Ransomware seems to target computer users in America and in Western Europe. The Meteoritan Ransomware is capable of encrypting files on all local drives, as well as on network storage and external memory devices connected to the infected computer. The Meteoritan Ransomware encrypts the victim's data using AES-256 encryption, making it impossible to recover the affected files with current technology. The Meteoritan Ransomware will target the following file types during its attack (among others):
.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.
The Meteoritan Ransomware Is Used to Make Money for Its Developers
The files affected by the Meteoritan Ransomware cannot be opened and will appear as blank icons in Windows Explorer. The Meteoritan Ransomware is capable of carrying out its attack without requiring an Internet connection. The Meteoritan Ransomware uses RSA-2048 encryption to make the decryption key inaccessible to the victim. The Meteoritan Ransomware saves its data to the file METEORITAN.RAMSOM located in the Temp directory. Victims are asked to get an ID number from a file named METEORITAN.POLAND located in the same place. The Meteoritan Ransomware creates files named 'readme_your_files_have_been_encrypted.txt' and 'where_are_your_files.txt' on the infected computer's desktop. These files contain the Meteoritan Ransomware's ransom note, which reads as follows:
'ATTENTION! ATTENTION! You have been victim of METEORITAN RAMSOMWARE!
Your documents, photos, databases and other important files have been encrypted by RSA-4096 alghorythm generated by your computer, if you want to restore your files, you must get a decryption key.
How can I get decrypt key?
1. Send E-Mail to meteoritan6570@yandex.ru with your ID. Your ID is in METEORITAN.POLAND file, open in Notepad.
2. Get Bitcoins. Bitcoin is a cryptovalute, which can pay. Use these sites: coinbase.com, btc.com, bitgo.com, strongcoin.com
3. In e-mail turning, we get a value of your key. Pay it.
4. In 24 hours you get an decrypt key. If you don't see e-mail, check spam catalogue.
5. Run aplication and enter your key.
METEORITAN RAMSOMWARE'
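As an added example (not part of the original write-up or of any vendor tool), the following Python script checks one user profile for the file artifacts named above: the two files in the Temp directory and the two ransom notes on the desktop, confirming a note by the marker text it contains. The default folder locations, the finding labels and the verdict names are assumptions made for this example.

```python
import os
import sys
from pathlib import Path

# Artifact names as given in the write-up above. Compared in lower case
# because Windows file names are case-insensitive.
TEMP_ARTIFACTS = {"meteoritan.ramsom", "meteoritan.poland"}
NOTE_NAMES = {"readme_your_files_have_been_encrypted.txt",
              "where_are_your_files.txt"}
NOTE_MARKER = "METEORITAN RAMSOMWARE"  # spelling as quoted in the ransom note


def _matches(folder, names):
    """Yield files directly inside folder whose lower-cased name is in names."""
    folder = Path(folder)
    if not folder.is_dir():
        return
    for entry in folder.iterdir():
        if entry.is_file() and entry.name.lower() in names:
            yield entry


def scan_profile(temp_dir, desktop_dir):
    """Return sorted (finding_type, file_name) pairs for one user profile."""
    findings = []
    for entry in _matches(temp_dir, TEMP_ARTIFACTS):
        findings.append(("temp-artifact", entry.name))
    for entry in _matches(desktop_dir, NOTE_NAMES):
        # A file name alone is weak evidence; confirm with the note's marker.
        head = entry.read_bytes()[:4096].decode("utf-8", errors="replace")
        kind = "ransom-note" if NOTE_MARKER in head.upper() else "note-name-only"
        findings.append((kind, entry.name))
    return sorted(findings)


def verdict(findings):
    """Summarise: a Temp artifact plus a confirmed note is a strong hit."""
    kinds = {kind for kind, _ in findings}
    if {"temp-artifact", "ransom-note"} <= kinds:
        return "likely-infected"
    return "suspicious" if kinds else "clean"


if __name__ == "__main__":
    # Assumed default locations for the current user; override on the CLI.
    temp = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("TEMP", "/tmp")
    desk = sys.argv[2] if len(sys.argv) > 2 else Path.home() / "Desktop"
    hits = scan_profile(temp, desk)
    for kind, name in hits:
        print(f"{kind}: {name}")
    print("verdict:", verdict(hits))
```

A "suspicious" result means only some of the artifacts were found, for example a note file name without the marker text, and calls for a manual look before any cleanup.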
Dealing with the Meteoritan Ransomware
PC security researchers strongly advise computer users to refrain from contacting the people responsible for the Meteoritan Ransomware attack. They may ask for a very large ransom, and once it has been paid, there is no guarantee that they will provide the decryption key. Instead, malware researchers advise computer users to restore their files from a backup copy and remove the Meteoritan Ransomware with the help of a reliable security program that is fully up-to-date.