8800 Ransomware

The 8800 Ransomware is a newly spotted data-encrypting Trojan that belongs to the infamous Dharma Ransomware family – the second most active ransomware family in the whole of 2019. Many cyber crooks with little to no experience take the approach of the creators of the 8800 Ransomware – they simply borrow the code of an existing file-locking Trojan such as the Dharma Ransomware and alter it ever so slightly.

Propagation and Encryption

It is likely that the criminals responsible for the 8800 Ransomware are spreading it via corrupted spam emails. The emails in question would contain a fake message alongside an infected attachment. If users are tricked into launching the attached file, their system will be compromised. Other commonly used propagation methods include torrent trackers, bogus application updates and downloads, malvertising operations, etc.

As soon as the 8800 Ransomware infects a system, it performs a scan that is meant to locate the files of interest. It is likely that the 8800 Ransomware would target a very long list of filetypes for encryption – documents, presentations, images, videos, spreadsheets, audio files, databases, archives, etc. The targeted data will be locked with the help of an encryption algorithm. Once a file gets locked by the 8800 Ransomware, its name is changed, as this ransomware threat adds an '.id-.[assonmolly5@gmail.com].8800' extension. There is a uniquely generated victim ID for each affected user.

The Ransom Note

After the encryption process has been completed, the 8800 Ransomware will provide the user with a ransom message located in two files called 'FILES ENCRYPTED.txt' and 'info.hta'. The attackers do not mention what the ransom fee is, but state that users who would like to know more will have to get in touch with them via email. The authors of the 8800 Ransomware provide several email addresses via which they expect to be contacted – 'assonmolly5@gmail.com', 'andrewseals560@gmail.com' and 'helpkey@tutamail.com'.
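For triage, the renamed-file extension and the two ransom note names described above can be matched against a file listing and grouped per directory. The following Python script is an added example, not part of the original entry; it assumes the victim ID sits between '.id-' and '.[' (the entry does not give its format), and the paths in `SAMPLE` are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators exactly as listed in this entry.
CONTACT_EMAILS = {"assonmolly5@gmail.com", "andrewseals560@gmail.com",
                  "helpkey@tutamail.com"}
NOTE_NAMES = {"files encrypted.txt", "info.hta"}

# Assumption: the victim ID sits between ".id-" and ".[", and its format is
# not given in the entry, so any run without dots or brackets is accepted.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.\[\]]*)"
    r"\.\[(?P<email>[^\[\]]+)\]\.8800$", re.IGNORECASE)

def classify(path):
    """Return (kind, detail) for one path, or None if nothing matches."""
    name = PureWindowsPath(path).name
    if name.lower() in NOTE_NAMES:
        return ("note", name)
    m = RENAMED.match(name)
    if not m:
        return None
    listed = m.group("email").lower() in CONTACT_EMAILS
    return ("renamed" if listed else "renamed_unlisted_contact",
            m.group("original"))

def triage(paths):
    """Group hits per directory; renamed files plus a note rank 'high'."""
    dirs = defaultdict(lambda: {"renamed": [], "notes": []})
    for p in paths:
        hit = classify(p)
        if hit is None:
            continue
        bucket = "notes" if hit[0] == "note" else "renamed"
        dirs[str(PureWindowsPath(p).parent)][bucket].append(hit[1])
    for d in dirs.values():
        # The note file names are generic, so a note alone only corroborates.
        d["severity"] = ("high" if d["renamed"] and d["notes"]
                         else "medium" if d["renamed"] else "low")
    return dict(dirs)

# Constructed sample listing (not from a real host); the ID is a placeholder.
SAMPLE = [
    r"C:\Users\a\Docs\budget.xlsx.id-CONSTRUCTED1.[assonmolly5@gmail.com].8800",
    r"C:\Users\a\Docs\FILES ENCRYPTED.txt",
    r"C:\Users\a\Desktop\info.hta",
    r"C:\Users\a\Pics\cat.jpg.id-.[other@example.com].8800",
]
```

Calling `triage(SAMPLE)` returns one record per directory with the original file names, the notes found and a severity, which gives a quick view of how far the renaming reached.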

Despite the lack of information regarding the ransom fee, rest assured that the sum is likely to be at least in the hundreds of dollars. We would advise you against cooperating with the cybercriminals, as they are likely never to hold up their end of the deal and provide you with a decryption tool. This is why it is best to download and install a genuine anti-virus software suite that will remove the 8800 Ransomware from your system.
