'.0ff File Extension' Ransomware

'.0ff File Extension' Ransomware Description

The '.0ff File Extension' Ransomware is an encryption ransomware Trojan that is used to extort computer users. It first appeared in November of 2016 and is a variant of an older ransomware family commonly known as BitMessage, which preceded larger, more recent families such as Locky and Crysis. The '.0ff File Extension' Ransomware receives this name because it marks the files it encrypts with the extension '.0ff', a naming pattern shared with a large number of similar ransomware Trojans that appeared in the same period.

How the '.0ff File Extension' Ransomware may Enter a Computer

The '.0ff File Extension' Ransomware is typically delivered in corrupted spam email attachments. A common method that allows con artists to infect the victims' computers with the '.0ff File Extension' Ransomware involves sending them Microsoft Office documents that have macros enabled. These macros exploit a vulnerability in these applications, which allows con artists to load threats like the '.0ff File Extension' Ransomware onto the victim's computer. The spam email messages used to distribute the '.0ff File Extension' Ransomware may use social engineering to trick the victim into opening the attached file. For example, the email may be disguised as a message from a bank, a social media platform or a messaging company.

The '.0ff File Extension' Ransomware Uses a Strong Encryption Method

Once the people responsible for the '.0ff File Extension' Ransomware manage to install this threat on the victim's computer, it will initiate its attack. The '.0ff File Extension' Ransomware is designed to encrypt the victim's files using an advanced encryption method that involves two encryption algorithms: one to encrypt the victim's data and the other to encrypt the decryption key itself. This allows third parties to hold the decryption key necessary to decode the victim's files, essentially taking them hostage. The files encrypted by the '.0ff File Extension' Ransomware will no longer be accessible without the decryption key.

The Ransom Demanded by the '.0ff File Extension' Ransomware

After the '.0ff File Extension' Ransomware has finished encrypting the victim's files, it displays a ransom note in the form of a text file that is dropped on the victim's Desktop. The file is named 'READNOW!!!.txt'. The contents of this text file are displayed below:

'Hello.
All your files have been encrypted using our private key. There is no way to recover them without our assistance.
If you want to get your files back, you must be ready to pay for them.
If you are ready to pay then follow the instructions:
1) Create an archive (rar or zip) with 3 files inside:
Secret.key + Secret.key2 (should be on your desktop) + Any encrypted file of a small size. It can be a .doc or .pdf or .xls or whatever you have. 5 mb max. Note that this file should have this extention: .0ff; please don`t put more than one file in the archive, one file is enough. If you can`t find Secret.key2, that`s OK. It will take just a little bit more time to restore your files, so you shouldn`t worry.
2) Upload this archive to any file sharing site. Dropbox, Google Drive, sendspace.com etc.
3) Go to http://bitmessage.org/ and download Bitmessage.
4) Run Bitmessage. Select 'Your Identities' tab. Then click New. Then click OK.
Then select 'Send' tab.
TO: BM-[34 random characters] (this is our address)
SUBJECT: I want my files back, you bastards! I`m ready to pay! (You can put your PC name here as well)
MESSAGE: Link to the archive with three files in it.
Then click Send.'

Do not Pay the '.0ff File Extension' Ransomware Ransom

Con artists are notorious for not keeping their word. PC security researchers do not advise paying the large ransom associated with the '.0ff File Extension' Ransomware. To protect against '.0ff File Extension' Ransomware attacks, computer users are advised to keep backups of all files and to update those backups regularly.

Technical Information

File System Details

'.0ff File Extension' Ransomware creates the following file(s):

#  File Name  Size       MD5                               Detection Count
1  file.exe   2,057,974  217c23371f1d91e81beac74a759be045  2
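
The indicators this page lists (the 'READNOW!!!.txt' note, the Secret.key and Secret.key2 files named in it, the '.0ff' extension and the MD5 above) can be checked for with a short triage script. This is an added example, not part of the original article or of any vendor tool; the function names, the choice to hash only .exe files and the 16 MiB size cap are assumptions.

```python
import hashlib
import sys
from pathlib import Path

# Indicators from this page: ransom note name, key files named in the note,
# the encrypted-file extension, and the MD5 listed for 'file.exe'.
NOTE_NAME = "readnow!!!.txt"
KEY_NAMES = {"secret.key", "secret.key2"}
ENC_EXT = ".0ff"
KNOWN_MD5 = {"217c23371f1d91e81beac74a759be045"}
MAX_HASH_BYTES = 16 * 1024 * 1024  # assumption: do not hash larger executables


def md5_of(path):
    return hashlib.md5(path.read_bytes()).hexdigest()  # MD5: the hash the page lists


def scan(root):
    """Walk root and collect the paths that match each indicator."""
    found = {"ransom_notes": [], "key_files": [], "encrypted": [], "hash_hits": []}
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file():
                continue
            name = path.name.lower()  # Windows file names are case-insensitive
            if name == NOTE_NAME:
                found["ransom_notes"].append(str(path))
            elif name in KEY_NAMES:
                found["key_files"].append(str(path))
            elif name.endswith(ENC_EXT):
                found["encrypted"].append(str(path))
            elif name.endswith(".exe") and path.stat().st_size <= MAX_HASH_BYTES:
                if md5_of(path) in KNOWN_MD5:
                    found["hash_hits"].append(str(path))
        except OSError:
            continue  # unreadable entry: keep scanning
    return found


def verdict(found):
    """A single name match is weak evidence; corroborated matches rank higher."""
    if found["hash_hits"] or (found["ransom_notes"] and found["encrypted"]):
        return "likely"
    return "suspicious" if any(found.values()) else "clean"


if __name__ == "__main__":
    hits = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(verdict(hits), {kind: len(paths) for kind, paths in hits.items()})
```

A file name or extension match on its own can be a coincidence, which is why the script reports "likely" only for a hash match or for a ransom note found together with '.0ff' files.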

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned in this article. This article should NOT be mistaken or confused as being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided in this article.

This article is provided "as is" and is to be used for educational information purposes only. By following any instructions in this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
