ABC Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 20 % (Normal)
Infected Computers: 16
First Seen: June 11, 2021
Last Seen: October 19, 2022
OS(es) Affected: Windows

The ABC Ransomware is a typical ransomware encryption Trojan. It uses AES-256 encryption to make the victims' files inaccessible and appears to be a variant in the Globe family of ransomware Trojans. Like many similar threats, the ABC Ransomware is delivered to the victim through spam email messages with malicious file attachments.

How the ABC Ransomware Attacks a Computer

Using a combination of AES and RSA encryption, the ABC Ransomware makes the victim's files inaccessible and reports to its Command and Control servers. This means that the decryption key is kept out of the reach of victims, security software and malware researchers. The ABC Ransomware encrypts user-generated files, targeting a wide variety of file types, including media, documents and other commonly used formats. It marks each encrypted file with a string of eight random characters added as a file extension at the end of the file's name. The file types that may be targeted in attacks similar to the ABC Ransomware's are:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The ABC Ransomware's Ransom Demand

The ABC Ransomware delivers its ransom note in a file named 'READ_IT.html' on the infected computer's desktop. This file urges the victim to connect to a Dark Web website using TOR, where they are invited to purchase a program named 'ABC Decryptor™' and offered the option of uploading and decrypting a single file. However, paying the ransom or establishing contact with these people is not the right choice. Instead, file backups should be used to restore affected files and a dedicated security suite used to remove the ABC Ransomware infection itself. The ransom message used by the ABC Ransomware reads:

'All your files have been encrypted!
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment, we will send you the decryption tool that will decrypt all your files.
Decryption as guarantee
Your documents, photos, databases and other important files have been encrypted cryptographically strong, without the original key recovery is impossible! To decrypt your files you need to buy the special software - "DECRYPTER" Using another tools could corrupt your files, in case of using third party software we dont give guarantees that full recovery is possible so use it on your own risk. If you want to restore files, go to on our site: 1) Download TOR-Browser (hxxps://www.torproject.org/download/download) 2) Run it 3) Go to hxxp://cr7icbfqm64hixta.onion
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Wait from us for reply to your mail within 48 hours.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Your personal ID: [EDITED]'

Refrain from following the instructions in the above ransom note so as not to support these people in creating and developing new ransomware Trojans.
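The two on-disk indicators described above, the eight-character extension appended to encrypted files and the 'READ_IT.html' note, can be checked against a file listing during triage. The following is an added example, not code from the original article; the alphanumeric pattern, the benign-extension allowlist, the threshold and the sample paths are assumptions made for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Subset of the file types listed on the page; extend with the full list as needed.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".sql", ".txt", ".zip"}
NOTE_NAME = "read_it.html"                     # ransom note file name given on the page
MARKER_RE = re.compile(r"^\.[A-Za-z0-9]{8}$")  # assumption: the random characters are alphanumeric
BENIGN = {".download", ".manifest"}            # legitimate extensions that happen to be 8 characters

def is_marked(path):
    """True for names shaped like <name>.<targeted ext>.<8 random chars>."""
    s = path.suffixes
    if len(s) < 2 or s[-1].lower() in BENIGN:
        return False
    return bool(MARKER_RE.match(s[-1])) and s[-2].lower() in TARGETED

def triage(paths, min_hits=3):
    """Group marked files by directory and decide whether the listing needs escalation."""
    marked, notes = defaultdict(list), set()
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any analysis host
        if p.name.lower() == NOTE_NAME:
            notes.add(str(p.parent))
        elif is_marked(p):
            marked[str(p.parent)].append(p.name)
    # Escalate on note plus any marked file, or on a cluster of marked files alone.
    escalate = bool(notes and marked) or any(len(v) >= min_hits for v in marked.values())
    return {"note_dirs": sorted(notes), "marked": dict(marked), "escalate": escalate}

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Desktop\READ_IT.html",
    r"C:\Users\alice\Documents\budget.xlsx.k3Jd9QzP",
    r"C:\Users\alice\Documents\notes.txt.Qw8eRt2Y",
    r"C:\Users\alice\Documents\scan.pdf.mN4bVc7X",
    r"C:\Users\alice\Downloads\invoice.pdf.download",  # partial download, benign
    r"C:\Users\alice\Pictures\cat.jpg",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A file-name match is only a triage signal; confirm with the security suite's scan before restoring from backups.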
