
'safeanonym14@sigaint.org' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: February 28, 2017
Last Seen: September 30, 2020
OS(es) Affected: Windows

The 'safeanonym14@sigaint.org' Ransomware is an encryption ransomware Trojan that takes victims' files hostage and then demands a ransom payment for their return. The 'safeanonym14@sigaint.org' Ransomware is unique in that it uses one hundred different email accounts to communicate with its victims and arrange payment. PC security analysts detected the 'safeanonym14@sigaint.org' Ransomware while analyzing a sample that had been uploaded to an online anti-virus scanning service. It is common for cyber crooks to upload threats that are still in development to these platforms to test whether they can evade detection.

Fortunately, the 'safeanonym14@sigaint.org' Ransomware Has Not Yet Been Delivered Actively

The 'safeanonym14@sigaint.org' Ransomware seems to be in development currently. In its present form, the 'safeanonym14@sigaint.org' Ransomware has one hundred email accounts hard-coded into its settings for communication with its Command and Control server. Because of this, PC security researchers suspect that the developers of the 'safeanonym14@sigaint.org' Ransomware may be responsible for dozens of other ransomware threats. The only version of the 'safeanonym14@sigaint.org' Ransomware observed in the wild so far is still in development and has not been distributed actively. Once the 'safeanonym14@sigaint.org' Ransomware is distributed, however, it will likely be delivered to victims through spam email messages carrying corrupted file attachments.

The 'safeanonym14@sigaint.org' Ransomware is Under Development Currently

From studying the 'safeanonym14@sigaint.org' Ransomware's code, malware researchers have determined that the in-development version of the 'safeanonym14@sigaint.org' Ransomware that has been sighted has meaningful flaws. The 'safeanonym14@sigaint.org' Ransomware displays a message box containing the decryption password before it encrypts the victim's files. The password is also saved in the infected computer's Registry. This may have been done to facilitate testing of the 'safeanonym14@sigaint.org' Ransomware during development. Because the password is exposed this way, recovering from the 'safeanonym14@sigaint.org' Ransomware is very simple. Apart from those flaws, however, the 'safeanonym14@sigaint.org' Ransomware carries out a quite strong encryption ransomware attack. The 'safeanonym14@sigaint.org' Ransomware encrypts files on local disks as well as on removable memory devices, and adds the extension '.enc' to the end of each encrypted file.
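The two observable artifacts described above, the '.enc' extension appended to encrypted files and the 'YOUR PC HAS BEEN BLOCKED' pop-up, are what a defender can key on. The following is an added example, not code from the original write-up or from the threat itself: a small detector that runs over a constructed set of Sysmon-style file-creation events and flags any process that writes a burst of '.enc' files in a short window, noting whether the ransom note was dropped alongside. The event shape, the note being an .hta file on disk, the process names and the threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ENC_EXT = ".enc"                              # extension the write-up reports
NOTE_NAME = "your pc has been blocked.hta"    # assumed on-disk name of the HTA pop-up
WINDOW = timedelta(seconds=60)                # assumed burst window
THRESHOLD = 3                                 # assumed minimum '.enc' writes per window


def ev(ts, pid, image, path):
    """Build one constructed file-creation event (Sysmon-like shape, not real telemetry)."""
    return {"ts": ts, "pid": pid, "image": image, "path": path}


# Constructed sample events: one suspicious process and one benign one.
SUSPECT = "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe"
EVENTS = [
    ev("2017-02-28T10:00:00", 4412, SUSPECT, "C:\\Users\\bob\\Documents\\report.docx.enc"),
    ev("2017-02-28T10:00:01", 4412, SUSPECT, "C:\\Users\\bob\\Documents\\budget.xlsx.enc"),
    ev("2017-02-28T10:00:02", 4412, SUSPECT, "E:\\photos\\holiday.jpg.enc"),
    ev("2017-02-28T10:00:03", 4412, SUSPECT, "C:\\Users\\bob\\Desktop\\YOUR PC HAS BEEN BLOCKED.hta"),
    ev("2017-02-28T10:05:00", 900, "C:\\Windows\\explorer.exe", "C:\\Users\\bob\\Documents\\notes.txt"),
]


def detect(events, threshold=THRESHOLD, window=WINDOW):
    """Return {pid: finding} for every process that creates `threshold` or more
    '.enc' files within `window`; each finding also records whether that same
    process dropped the ransom note."""
    enc_times = defaultdict(list)   # pid -> timestamps of '.enc' file creations
    note_pids = set()               # pids that wrote the ransom note
    for e in events:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        if name == NOTE_NAME:
            note_pids.add(e["pid"])
        elif name.endswith(ENC_EXT):
            enc_times[e["pid"]].append(datetime.fromisoformat(e["ts"]))

    findings = {}
    for pid, times in enc_times.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):            # sliding window over sorted timestamps
            while times[hi] - times[lo] > window:
                lo += 1
            if hi - lo + 1 >= threshold:
                findings[pid] = {"enc_files": len(times), "ransom_note": pid in note_pids}
                break
    return findings


if __name__ == "__main__":
    print(detect(EVENTS))
```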

The Email Accounts Associated with the 'safeanonym14@sigaint.org' Ransomware Attack

One hundred email accounts are hard-coded into the 'safeanonym14@sigaint.org' Ransomware for communications between victims and attackers. Many of these email accounts are on the mail.ru domain. The 'safeanonym14@sigaint.org' Ransomware's decryption password is solicited using a random email account. Payment instructions for the 'safeanonym14@sigaint.org' Ransomware are delivered through an HTA pop-up message with the name 'YOUR PC HAS BEEN BLOCKED.' This message includes a countdown clock claiming that after 24 hours the password would be deleted. The 'safeanonym14@sigaint.org' Ransomware demands the payment of a ransom of $100 USD to recover from the attack.

The following email accounts have been associated with the 'safeanonym14@sigaint.org' Ransomware attack:


Dealing with the 'safeanonym14@sigaint.org' Ransomware

In its attack, the 'safeanonym14@sigaint.org' Ransomware shows the password required to recover the affected files. The version of the 'safeanonym14@sigaint.org' Ransomware currently under observation uses the password 'g3On18lf' to decrypt the affected files. Of course, it is unlikely that this flaw will remain once the 'safeanonym14@sigaint.org' Ransomware (or some version of it) is distributed publicly. Rather, this feature is likely part of the development process, allowing the con artists to test the 'safeanonym14@sigaint.org' Ransomware as they develop it while still being able to recover their own test files quickly. As with all encryption ransomware Trojans, the best protection against these infections is keeping backup copies of all files on external memory devices. Good file backups allow computer users to restore the affected files from a backup, removing the leverage that allows extortionists to demand ransom payments from victims.
