'.0ff File Extension' Ransomware Description
The '.0ff File Extension' Ransomware is an encryption ransomware Trojan that is used to extort computer users. It first appeared in November of 2016 and is a variant of an older family of ransomware commonly known as BitMessage, which preceded larger, more recent families such as Locky and Crysis. The '.0ff File Extension' Ransomware receives this name because it marks the files it encrypts with the extension '.0ff', much as a large number of ransomware Trojans that appeared in the same period mark theirs.
How the '.0ff File Extension' Ransomware may Enter a Computer
The '.0ff File Extension' Ransomware is typically delivered in corrupted spam email attachments. A common method that allows con artists to infect the victims' computers with the '.0ff File Extension' Ransomware involves sending them Microsoft Office documents that have macros enabled. These macros exploit a vulnerability in these applications, which allows con artists to load threats like the '.0ff File Extension' Ransomware onto the victim's computer. Corrupted spam email messages used to distribute the '.0ff File Extension' Ransomware may use some social engineering component to trick the victim into opening the attached file. For example, the email may be disguised as an email from a bank, a social media platform or a messaging company.
The '.0ff File Extension' Ransomware Uses a Strong Encryption Method
Once the people responsible for the '.0ff File Extension' Ransomware manage to install this threat on the victim's computer, it will initiate its attack. The '.0ff File Extension' Ransomware is designed to encrypt the victim's files using an advanced encryption method that involves two encryption algorithms: one to encrypt the victim's data and the other to encrypt the decryption key itself. This allows third parties to hold the decryption key necessary to decode the victim's files, essentially taking them hostage. The files encrypted by the '.0ff File Extension' Ransomware will no longer be accessible without the decryption key.
The Ransom Demanded by the '.0ff File Extension' Ransomware
After the '.0ff File Extension' Ransomware has finished encrypting the victim's files, it displays a ransom note in the form of a text file that is dropped on the victim's Desktop. The file is named 'READNOW!!!.txt'. The contents of this text file are displayed below:
'All your files have been encrypted using our private key. There is no way to recover them without our assistance.
If you want to get your files back, you must be ready to pay for them.
If you are ready to pay then follow the instructions:
1) Create an archive (rar or zip) with 3 files inside:
Secret.key + Secret.key2 (should be on your desktop) + Any encrypted file of a small size. It can be a .doc or .pdf or .xls or whatever you have. 5 mb max. Note that this file should have this extention: .0ff; please don`t put more than one file in the archive, one file is enough. If you can`t find Secret.key2, that`s OK. It will take just a little bit more time to restore your files, so you shouldn`t worry.
2) Upload this archive to any file sharing site. Dropbox, Google Drive, sendspace.com etc.
3) Go to http://bitmessage.org/ and download Bitmessage.
4) Run Bitmessage. Select 'Your Identities' tab. Then click New. Then click OK.
Then select 'Send' tab.
TO: BM-[34 random characters] (this is our address)
SUBJECT: I want my files back, you bastards! I`m ready to pay! (You can put your PC name here as well)
MESSAGE: Link to the archive with three files in it.
Then click Send.'
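The artifacts named above (the '.0ff' extension, the 'READNOW!!!.txt' note, and the 'Secret.key' and 'Secret.key2' files) are enough for a first triage of a suspect machine or file share. The following Python sketch is an added example and not part of the original article; the function names and the sample file names are hypothetical, and the sample tree is constructed for the demonstration.

```python
import os
import tempfile
from datetime import datetime, timezone

# Indicators from the article, lower-cased for case-insensitive matching.
ENCRYPTED_EXT = ".0ff"
RANSOM_NOTE = "readnow!!!.txt"
KEY_FILES = {"secret.key", "secret.key2"}

def scan_tree(root):
    """Walk root and collect paths that match the article's indicators."""
    hits = {"encrypted": [], "ransom_note": [], "key_file": []}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            low, full = name.lower(), os.path.join(dirpath, name)
            if low.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(full)
            elif low == RANSOM_NOTE:
                hits["ransom_note"].append(full)
            elif low in KEY_FILES:
                hits["key_file"].append(full)
    return hits

def summarize(hits):
    """Reduce raw hits to what a responder needs first."""
    mtimes = [os.path.getmtime(p) for p in hits["encrypted"]]
    first = datetime.fromtimestamp(min(mtimes), timezone.utc) if mtimes else None
    return {
        "infected": bool(hits["encrypted"] or hits["ransom_note"]),
        "encrypted_count": len(hits["encrypted"]),
        # Earliest mtime approximates when encryption began (an assumption).
        "first_encrypted_utc": first.isoformat() if first else None,
        # The note asks for these files, so keep copies before cleanup.
        "preserve": sorted(hits["key_file"] + hits["ransom_note"]),
    }

def build_sample_tree(root):
    """Constructed sample: empty files named like the article's artifacts."""
    for rel in ("Desktop/READNOW!!!.txt", "Desktop/Secret.key",
                "Desktop/Secret.key2", "Documents/report.0ff",
                "Documents/budget.0FF", "Documents/notes.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(scan_tree(tmp)))
```

Point `scan_tree` at a user profile or a mounted share; the earliest timestamp helps choose a backup taken before the encryption started.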
Do not Pay the '.0ff File Extension' Ransomware Ransom
Con artists are notorious for not keeping their word. PC security researchers do not advise paying the large ransom associated with the '.0ff File Extension' Ransomware. To prevent '.0ff File Extension' Ransomware attacks, computer users are advised to have backups of all files and to update the backups regularly.