
'rescuers@india.com' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 24
First Seen: December 20, 2016
Last Seen: June 16, 2022
OS(es) Affected: Windows

The 'rescuers@india.com' Ransomware is a ransomware Trojan that is a variant of the Globe Ransomware family. The differences between the 'rescuers@india.com' Ransomware and other threats in this family are superficial, consisting mainly of slight alterations to the layout and wording of the ransom note and to the way the 'rescuers@india.com' Ransomware identifies the files that have been encrypted during the attack. Fortunately, the Globe Ransomware family of ransomware Trojans has been decoded by PC security researchers. Computer users who have been victims of the 'rescuers@india.com' Ransomware attack can often recover their files by using a decryption program released by malware researchers.

How the 'rescuers@india.com' Ransomware Carries out Its Attack

The main way in which the 'rescuers@india.com' Ransomware may be distributed is through social engineering tactics such as phishing email messages or spam email attachments. In most cases, the email message being used to deliver the 'rescuers@india.com' Ransomware will trick the computer user into opening an attached file, often by claiming that the email comes from a trustworthy source such as a delivery company or a bank. The file will often contain macros that allow it to download the 'rescuers@india.com' Ransomware from an outside server and install it on the victim's computer. These attacks may take advantage of vulnerabilities in macros that allow harmful content to be downloaded and installed without triggering security notifications.

How the 'rescuers@india.com' Ransomware may Infect a Computer

The people associated with the 'rescuers@india.com' Ransomware attack will try to trick computer users into believing that they can help them recover from the attack when they were, in fact, the people that caused it. The main purpose of the 'rescuers@india.com' Ransomware attack is to encrypt as many important files on the infected computer as possible. The 'rescuers@india.com' Ransomware targets more than 100 different file types, searching for specific extensions and using its encryption algorithm to encrypt them. The 'rescuers@india.com' Ransomware will target media files, video, audio, pictures, HTML files, databases, Microsoft Office documents, PDF files, eBooks and countless other types of files. The 'rescuers@india.com' Ransomware delivers its ransom note in the form of an HTA message contained in a file named 'How to restore files.hta,' which is dropped on the victim's desktop. The 'rescuers@india.com' Ransomware demands a ransom of 1 Bitcoin, and the ransom note associated with the attack includes instructions on how to purchase Bitcoins and make the payment. The ransom note also includes an identification number that computer users must provide along with the ransom payment.
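For responders scoping an infection, the ransom note named above is a useful pivot. The following is an added example, not code from this page or from any decryption tool: it searches a mounted copy of a disk for 'How to restore files.hta' and lists files modified around the time the note was written. The one-hour window, the function names and the sample tree are assumptions, as is the premise that encrypted files carry modification times close to the note's.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "How to restore files.hta"  # ransom note name given on this page
WINDOW_SECONDS = 3600  # assumption: pivot window around the note's timestamp

def find_notes(root):
    """Return every file under root whose name matches the ransom note (case-insensitive)."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and p.name.lower() == NOTE_NAME.lower())

def files_near(root, pivot, window=WINDOW_SECONDS):
    """Return files modified within +/- window seconds of pivot, excluding the note itself."""
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file() or p.name.lower() == NOTE_NAME.lower():
            continue
        if abs(p.stat().st_mtime - pivot) <= window:
            hits.append(p)
    return sorted(hits)

def triage(root):
    """Map each note found to the files modified around the time it was written."""
    return {note: files_near(root, note.stat().st_mtime) for note in find_notes(root)}

def build_sample(base):
    """Constructed sample tree standing in for a mounted copy of a user profile."""
    desktop = Path(base) / "Users" / "alice" / "Desktop"
    docs = Path(base) / "Users" / "alice" / "Documents"
    desktop.mkdir(parents=True)
    docs.mkdir(parents=True)
    t0 = 1_482_220_800  # constructed timestamp
    for path, mtime in [(desktop / NOTE_NAME, t0),
                        (docs / "report.docx", t0 - 120),  # touched near the note
                        (docs / "old_photo.jpg", t0 - 90 * 86400)]:  # untouched for months
        path.write_text("constructed sample")
        os.utime(path, (mtime, mtime))
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for note, touched in triage(build_sample(tmp)).items():
            print(f"note: {note}")
            for p in touched:
                print(f"  modified near note time: {p}")
```

Run it against a read-only mount of the affected disk rather than the live system, so the scan itself does not alter timestamps.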

Dealing with the 'rescuers@india.com' Ransomware

When dealing with any ransomware, PC security researchers strongly advise against paying the ransom fee. This is especially true when it comes to the 'rescuers@india.com' Ransomware, for which a decryption key is currently available. Fortunately for computer users, there are decryption programs for most variants in the Globe Ransomware family. Computer users are urged to check with their PC security provider and use a Globe ransomware decryption utility to recover their files. The 'rescuers@india.com' Ransomware infection itself is not difficult to remove, since a reliable security program that is fully up-to-date will be able to remove it. PC security analysts strongly urge computer users, however, to take preventive measures to ensure that more devastating attacks do not cause damage in the future.

In most cases, the files are not recoverable the way they are in this case. This is what makes encryption ransomware attacks so devastating and so popular among con artists. Computer users will often have no recourse once their files have been compromised since, even after the ransomware Trojan is removed, the files will remain inaccessible. Fortunately, it is very simple to become completely invulnerable to these types of attacks. Malware analysts advise computer users to have backups of all files on the cloud or an external memory device. If computer users can recover the encrypted files from a backup, then the people responsible for these attacks will no longer have leverage or any reason to believe that the victim will pay the ransom.
