Aa1 Ransomware

It would appear that cybercriminals have quite the crush on the Dharma Ransomware. More and more variants of this infamous file-locking Trojan keep popping up. This time, the variant is called Aa1 Ransomware. Ransomware threats, in general, are commonly perceived as an easy way to make a quick buck with a very low possibility of getting caught. This is why new versions of already existing data-encryption Trojans like the Dharma Ransomware keep getting regurgitated and pumped out almost daily at this point.

Similarly to most ransomware threats, the Aa1 Ransomware is believed to be spreading via the tried and tested methods of mass spam email campaigns, pirated applications and often faux updates too. When it infiltrates your PC, the Aa1 Ransomware will perform a swift scan of your data. After scanning it, it would identify all the files it is about to lock. Usually, to ensure maximum damage, ransomware threats like the Aa1 Ransomware target the most commonly found file types, which are likely to be present on every normal user's computer such as .doc, .jpeg, .gif, .mp3, .mov, .ppt, .png, .mp4, etc. When encrypted, the files will receive an additional extension following this pattern - '.id-.[who8@mail.fr].aa1,' where the 'VICTIM ID' part is replaced by the unique ID that is being generated for each affected victim. After going through the encryption process, your files will no longer be usable. Next, the Aa1 Ransomware would proceed to leave a ransom note for the victim. Often, ransom notes include the sum demanded by the attackers, instructions on how to process the payment and a contact address. However, the authors of the Aa1 Ransomware have not specified a sum. The attackers have given an email address where the victim is supposed to get in touch with them and likely receive further instructions – who8@mail.fr.

We do not recommend victims to contact the individuals behind Aa1 Ransomware. They would likely promise to decrypt all your data if you pay them what they demand. However, cybercriminals are not known for their honesty, and you will likely end up tricked. Instead, it is advisable that you obtain a legitimate anti-spyware application and wipe the Aa1 Ransomware off your system for good.