2048 Ransomware

2048 Ransomware Description

One of the malware kind you can happen to cross paths is ransomware. This threat will sneak into your computer, sniff out your data, encrypt it, and then attempt to extort you for money. Among the most popular ransomware families of 2019 is the Dharma Ransomware family. There are dozens upon dozens of Dharma Ransomware variants plaguing users worldwide. One of the newest variants of the Dharma Ransomware is called 2048 Ransomware.

Propagation and Encryption

It is likely that the authors of the 2048 Ransomware are propagating it via several infection vectors. However, malware researchers do not have any conclusive information. They believe that the 2048 Ransomware may be spread with the help of fake emails. Often, these emails have a misleading message aiming to trick the user into opening a macro-laced attachment that is usually disguised as an important document. Opening the fake attachment will enable the ransomware threat to hijack the user's system. There are other popular methods of distributing threats of this class – bogus application updates, fraudulent pirated copies of popular software services, torrent trackers, etc. The 2048 Ransomware looks for a wide range of file types that are likely to be present on any regular user’s system - .jpeg, .jpg, .doc, .docx, .ppt, .pptx, .gif, .mp3, .mp4, .mov, .pdf, .xls, .xlsx, .rar, etc. Next, the 2048 Ransomware will begin encrypting the files of interest. When the 2048 Ransomware encrypts a file, it will append a new extension to its name – '.id-.[rsa2048@cock.li].2048.' As you can see from the additional extension, the 2048 Ransomware generates a unique victim ID for each affected user.

The Ransom Note

In the next step of the attack, the 2048 Ransomware will drop a ransom note on the desktop of the compromised host. The ransom message is stored in two files – 'FILES ENCRYPTED.txt' and 'Info.hta.' In the ransom message, the attackers claim that recovering any data without paying the fee is impossible. However, they do not mention a specific sum. The user is asked to get in touch with the authors of the 2048 Ransomware via email – ‘rsa2048@cock.li.'

Paying the ransom fee is never a good idea. Authors of ransomware threats deliver on their promises rarely, and even if you pay the sum demanded, it is likely you will never receive the decryption key you need to reverse the damage done to your data. It is far safer to look into obtaining a legitimate anti-malware application, which will aid you in removing the 2048 Ransomware from your system for good.

Related Posts

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.