'safeanonym14@sigaint.org' Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 1
First Seen: February 28, 2017
Last Seen: September 30, 2020
OS(es) Affected: Windows
The 'safeanonym14@sigaint.org' Ransomware is an encryption ransomware Trojan that is used to demand the payment of a ransom from victims after taking their files hostage. The 'safeanonym14@sigaint.org' Ransomware is unique in that it uses one hundred different email accounts to communicate with its victims to carry out payment. PC security analysts detected the 'safeanonym14@sigaint.org' Ransomware when analyzing a threat that was uploaded to online anti-virus scanners. It is common for cyber crooks to upload their threat creations in development to these online platforms as a way to test whether they are capable of evading detection.
Fortunately, the 'safeanonym14@sigaint.org' Ransomware Has Not Been Delivered Diligently
The 'safeanonym14@sigaint.org' Ransomware seems to be in development currently. In its present-day form, the 'safeanonym14@sigaint.org' Ransomware has one hundred email accounts hard-coded into its settings to communicate with the Command and Control server. Because of this, PC security researchers suspect that the developers of the 'safeanonym14@sigaint.org' Ransomware may be responsible for dozens of other ransomware threats. The only version of the 'safeanonym14@sigaint.org' Ransomware that has been observed in the wild is presently in development and has not been distributed actively. However, once the 'safeanonym14@sigaint.org' Ransomware is distributed, it is likely that it will be delivered to victims through spam email messages containing corrupted file attachments.
The 'safeanonym14@sigaint.org' Ransomware is Under Development Currently
From studying the 'safeanonym14@sigaint.org' Ransomware's code, malware researchers have determined that the in-development version that has been sighted has meaningful flaws. The 'safeanonym14@sigaint.org' Ransomware displays a message box that includes the decryption password before it encrypts the victim's files. The password is also saved in the infected computer's Registry. This may have been done to facilitate testing of the threat during development. Because of these flaws, it is very simple to recover from this version of the 'safeanonym14@sigaint.org' Ransomware. Without those vulnerabilities, however, the 'safeanonym14@sigaint.org' Ransomware carries out an encryption ransomware attack that is quite strong. The 'safeanonym14@sigaint.org' Ransomware encrypts files on local disks, as well as on removable memory devices, and adds the extension '.enc' to the end of the affected files.
The Email Accounts Associated with the 'safeanonym14@sigaint.org' Ransomware Attack
One hundred email accounts are hard-coded into the 'safeanonym14@sigaint.org' Ransomware for communications between victims and attackers. Many of these email accounts are on the mail.ru domain. The 'safeanonym14@sigaint.org' Ransomware's decryption password is solicited using a random email account. Payment instructions for the 'safeanonym14@sigaint.org' Ransomware are delivered through an HTA pop-up message with the name 'YOUR PC HAS BEEN BLOCKED.' This message includes a countdown clock claiming that after 24 hours the password would be deleted. The 'safeanonym14@sigaint.org' Ransomware demands the payment of a ransom of $100 USD to recover from the attack.
The following email accounts have been associated with the 'safeanonym14@sigaint.org' Ransomware attack:
Dealing with the 'safeanonym14@sigaint.org' Ransomware
In its attack, the 'safeanonym14@sigaint.org' Ransomware shows the password required to recover the affected files. The version of the 'safeanonym14@sigaint.org' Ransomware currently being observed uses the password 'g3On18lf' to decrypt the affected files. Of course, it is unlikely that this flaw will remain when the 'safeanonym14@sigaint.org' Ransomware (or some version of it) is distributed publicly. Rather, it is likely that this feature is part of the development process, which allows the con artists to test the 'safeanonym14@sigaint.org' Ransomware as they develop it while also being able to recover quickly. As with all encryption ransomware Trojans, the best protection against these infections is having backup copies of all files on external memory devices. Good file backups allow computer users to restore the affected files from a backup, removing the leverage that allows extortionists to demand ransom payments from victims.
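To scope an incident against existing backups, the following added example (not code from EnigmaSoft or from the threat itself) inventories files carrying the appended '.enc' extension and reports which originals can be restored from a backup directory. The function names, the backup layout mirroring the scanned tree, and the assumption that the ransom note is left on disk as an .hta file are hypothetical; the sample tree is constructed.

```python
import os
import tempfile

SUFFIX = ".enc"                          # extension the page says is appended
NOTE_TITLE = "YOUR PC HAS BEEN BLOCKED"  # HTA title quoted on the page

def triage(root, backup_root):
    """Sort *.enc files under root by whether backup_root has the original."""
    report = {"restorable": [], "no_backup": [], "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(SUFFIX) and len(name) > len(SUFFIX):
                # '.enc' is also used by legitimate tools; review the list.
                rel = os.path.relpath(path[:-len(SUFFIX)], root)
                found = os.path.isfile(os.path.join(backup_root, rel))
                key = "restorable" if found else "no_backup"
                report[key].append(rel.replace(os.sep, "/"))
            elif lower.endswith(".hta"):
                # Assumption: the ransom note is left on disk as an .hta file.
                try:
                    with open(path, "rb") as fh:
                        data = fh.read(65536)
                except OSError:
                    continue  # unreadable file: skip, do not abort the scan
                if any(NOTE_TITLE.encode(enc) in data
                       for enc in ("ascii", "utf-16-le")):
                    rel = os.path.relpath(path, root)
                    report["notes"].append(rel.replace(os.sep, "/"))
    for items in report.values():
        items.sort()
    return report

def demo():
    """Constructed sample tree: two '.enc' files, one with a backup copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root, bak = os.path.join(tmp, "disk"), os.path.join(tmp, "backup")
        os.makedirs(os.path.join(root, "docs"))
        os.makedirs(os.path.join(bak, "docs"))
        for rel in ("docs/report.docx.enc", "photo.jpg.enc", "docs/a.txt"):
            open(os.path.join(root, rel), "wb").close()
        open(os.path.join(bak, "docs", "report.docx"), "wb").close()
        with open(os.path.join(root, "note.hta"), "wb") as fh:
            fh.write(b"<title>YOUR PC HAS BEEN BLOCKED</title>")
        return triage(root, bak)

if __name__ == "__main__":
    print(demo())
```

The "no_backup" list is the set of files for which recovery would depend on something other than the backup, so it is the part of the report to review first.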