24H Ransomware Description
The 24H Ransomware is an encryption ransomware Trojan that was first observed on July 6, 2018. The 24H Ransomware is typically delivered to victims in the form of a corrupted Microsoft Word file attached to spam email messages. Since this is a typical delivery method associated with numerous ransomware Trojans, there doesn't seem to be much differentiating the 24H Ransomware from many other encryption ransomware Trojans active today. The 24H Ransomware attacks are focused on computers in Zambia, although it does not seem that the 24H Ransomware is being used as a specific geographically targeted threat, as many others are. Known infections involving the 24H Ransomware may currently be tests, or may be used to prepare for a wider ransomware campaign.
Regretfully the 24H Ransomware Infection will Last More than 24H
The 24H Ransomware uses a custom AES encryption algorithm to make the victim's files inaccessible. The 24H Ransomware targets user-generated files, including numerous documents, databases, archives, media files, and other file types. Threats like the 24H Ransomware may target the following files in their attacks:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
Unfortunately, once the 24H Ransomware encrypts the files, they will not be recoverable. The only way to decrypt the files encrypted by the 24H Ransomware is with the decryption key, which the criminals responsible for the 24H Ransomware hold in their possession. The 24H Ransomware will add the file extension '.24H' to the affected files' names, which makes it easy to discern which ones were affected.
The 24H Ransomware's Ransom Demand
The 24H Ransomware delivers a ransom note in the form of a text file named 'ReadME-24H.txt,' which is displayed on the infected computer's desktop after the victim's files have been encrypted. The ransom note demands a ransom payment of 0.24 Bitcoin, approximately 1,600 USD at the current exchange rate, and delivers the following message to the victim of the 24H Ransomware attack:
'Welcome to the '24H' Ransomeware! all your system information is encrypted. For receive the decryption program, transfer 0.24 bitcoins to 1FniWsB6T3n7GjBGs3UizspTshBvt9qFqR address and then send your request to the '24H@tutanota.com' and '24HDecryptor@Mail.ru' email addresses. Your Personal KEY: [redacted 256 bytes in base64]'
Fortunately, the Bitcoin wallet address mentioned in the 24H Ransomware ransom note has not had any payments at the time of this report, and it is possible that the 24H Ransomware project itself has not continued to be used to carry out attacks. However, it is important to take precautions to ensure that your data is safe from this threat.
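The two on-disk indicators described above, the '.24H' file extension and the 'ReadME-24H.txt' ransom note, can be used to scope an infection during incident response. The following Python sketch is an added example, not part of the original report: it walks a directory tree, lists affected files and ransom notes, tallies which original file types were hit, and reports the earliest modification time among the encrypted files. It assumes the '.24H' suffix is appended after the original extension; the function names and the sample file tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Indicators taken from the description above; matched case-insensitively.
ENCRYPTED_SUFFIX = ".24h"
RANSOM_NOTE_NAME = "readme-24h.txt"


def triage(root):
    """Walk `root` and summarise 24H Ransomware artifacts found on disk."""
    encrypted, notes, original_types, earliest = [], [], Counter(), None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE_NAME:
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
                # Assumption: suffix is appended, "report.docx.24H" -> ".docx"
                ext = os.path.splitext(name[:-len(ENCRYPTED_SUFFIX)])[1].lower()
                original_types[ext or "(none)"] += 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable or vanished; keep scanning
                earliest = mtime if earliest is None else min(earliest, mtime)
    first = None
    if earliest is not None:
        first = datetime.fromtimestamp(earliest, tz=timezone.utc).isoformat()
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "original_types": dict(original_types), "first_seen_utc": first}


def build_sample_tree(root):
    """Constructed sample: empty placeholder files only."""
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("docs/report.docx.24H", "docs/budget.xlsx.24h",
                "docs/untouched.pdf", "ReadME-24H.txt"):
        open(os.path.join(root, *rel.split("/")), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Run against a mounted copy of the affected volume rather than the live system, so that file timestamps are not altered before evidence is collected.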
Protecting Your Data from Threats Like the 24H Ransomware
The best way to protect your data from threats like the 24H Ransomware is to have file backups. Apart from having file backups, PC security advisers warn computer users that they need to make sure that they have an updated security program, as well as mechanisms to halt spam emails, which are a typical delivery method for threats like the 24H Ransomware.