Patagonia92@tutanota.com Ransomware

By GoldSparrow in Ransomware

The Patagonia92@tutanota.com Ransomware is an encryption ransomware Trojan that was first observed on June 25, 2018. It is a variant of the RotorCrypt Ransomware and other ransomware Trojans released earlier in 2017 and 2018. The Patagonia92@tutanota.com Ransomware functions in the same way as most other encryption ransomware Trojans: it uses an effective encryption algorithm to make the victim's files inaccessible and then demands a ransom from the victim in exchange for a decryption key. Computer users are strongly advised to take preemptive precautions so that their data is protected from threats like the Patagonia92@tutanota.com Ransomware.

Is Patagonia a New Target of Cybercriminals?

The Patagonia92@tutanota.com Ransomware uses AES-256 encryption to make the victim's files inaccessible. Unlike many other encryption ransomware Trojans, the Patagonia92@tutanota.com Ransomware will not rename the files it encrypts. However, these files will show up with blank icons in Windows Explorer and be inaccessible. The Patagonia92@tutanota.com Ransomware writes to the affected files' headers, meaning that there may be some data loss or corruption even if the files are decrypted. The Patagonia92@tutanota.com Ransomware targets user-generated files, which may include files with the following file extensions:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Apart from encrypting the victim's files, the Patagonia92@tutanota.com Ransomware also will target the data recovery features of the Windows operating system, which may include the Shadow Volume Copies and the System Restore points.

The Ransom Demands of the Patagonia92@tutanota.com Ransomware

The Patagonia92@tutanota.com Ransomware holds the victim's files hostage and demands a ransom payment in exchange for a decryptor. This is how threats like the Patagonia92@tutanota.com Ransomware work, and how criminals profit from making the victim's files inaccessible. The ransom demand is delivered in a text file that is dropped on the victim's desktop. The ransom note is quite short: it is contained in a text file named 'HELP.txt' and is composed of a single sentence:

'help mail PATAGONIA92@TUTANOTA.CO.'

Victims who contact the criminals using this email address will receive instructions on how to pay a ransom. The ransom will be several hundred dollars, to be paid in Bitcoin. However, there is no guarantee that the criminals will help the victim restore the data after the payment is made. Because of this, it is advised to avoid paying the Patagonia92@tutanota.com Ransomware ransom or contacting the criminals.
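The two artifacts described above, files that keep their names but have their headers overwritten and a 'HELP.txt' note carrying the contact address, can be checked for when triaging a suspected infection. The Python script below is an added example, not part of the original write-up. It assumes that an overwritten header no longer matches the well-known signature for the file's extension, and the function names and the signature table are illustrative.

```python
import os
import sys

# Well-known leading bytes for a subset of the extensions listed above.
OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP = b"PK\x03\x04"
SIGNATURES = {
    ".pdf": (b"%PDF",), ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF8",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",), ".bmp": (b"BM",),
    ".psd": (b"8BPS",), ".rar": (b"Rar!",), ".zip": (ZIP,),
    ".docx": (ZIP,), ".xlsx": (ZIP,), ".pptx": (ZIP,),
    ".doc": (OLE,), ".xls": (OLE,), ".ppt": (OLE,),
}
NOTE_NAME = "help.txt"                 # note file name given in the article
NOTE_MARKER = b"patagonia92@tutanota"  # contact string quoted from the note

def header_mismatch(path):
    """True if a non-empty file does not start with a signature for its extension."""
    magics = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if not magics:
        return False  # extension not covered by this table
    with open(path, "rb") as fh:
        head = fh.read(8)
    return bool(head) and not any(head.startswith(m) for m in magics)

def is_ransom_note(path):
    """True if the file is named HELP.txt and contains the contact address."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    with open(path, "rb") as fh:
        return NOTE_MARKER in fh.read(4096).lower()

def triage(root):
    """Walk root and return (sorted header-mismatch files, sorted ransom notes)."""
    suspects, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if is_ransom_note(path):
                    notes.append(path)
                elif header_mismatch(path):
                    suspects.append(path)
            except OSError:
                continue  # unreadable or locked file: skip, keep scanning
    return sorted(suspects), sorted(notes)

if __name__ == "__main__":
    bad, found = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join([f"header mismatch: {p}" for p in bad] + [f"ransom note: {p}" for p in found]))
```

A header mismatch alone is only a lead, since a mislabeled or truncated file produces the same result; a cluster of mismatches next to a matching 'HELP.txt' is the stronger signal.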

Protecting Your Data from Threats Like the Patagonia92@tutanota.com Ransomware

The best protection from threats like the Patagonia92@tutanota.com Ransomware is to have file backups on external storage. Having file backups allows computer users to restore their data relatively quickly without having to go through the criminals responsible for the attack. Apart from file backups, PC security researchers advise computer users to have a strong security program that is fully up-to-date, either to intercept the Patagonia92@tutanota.com Ransomware before it is installed or to remove this threat before restoring the files from a file backup. Unfortunately, without the decryption key, there is currently no way to decrypt the files, so file backups are the best option.