AIR Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 11
First Seen: December 30, 2011
Last Seen: September 11, 2021
OS(es) Affected: Windows
The AIR Ransomware is a brand-new ransomware threat that emerged at the beginning of November. Once malware experts spotted the harmful activity of the AIR Ransomware, they studied the threat and found that it is a variant of the Major Ransomware. Many cyber crooks base their file-locking Trojans on already established ransomware threats, as this is much less time-consuming than building a threat from scratch.
Propagation and Encryption
The propagation method used to spread the AIR Ransomware is not yet known. Often, cybercriminals utilize spam email campaigns, bogus application updates, fake pirated variants of popular software tools, and torrent trackers, among many other propagation methods. The AIR Ransomware goes after a large variety of file types. Threats of this class make sure to cause as much damage as possible once they infiltrate the target’s computer. This makes it more probable that the victim will give in and pay the ransom fee demanded by the attackers. Upon infecting the host, the AIR Ransomware will scan its contents looking for the file types it was programmed to target. When the scan is completed, the AIR Ransomware will proceed by applying an encryption algorithm to lock the targeted data. When this ransomware threat encrypts a file, it will also alter its extension. The AIR Ransomware appends a '.
The Ransom Note
After the AIR Ransomware has completed its encryption process, the threat will drop a ransom note on the user’s desktop. The note’s name is ‘TRY_TO_READ.html’ and is rather concise. In it, the attackers inform the users that all their data has been encrypted and warn them against attempting to unlock the files with third-party software. They do not mention a specific ransom fee. The authors demand to be contacted via email and provide three email addresses – ‘ex_parvis@aol.com,’ ‘ex_parvis@tutanota.com,’ and ‘ex_parvis@protonmail.com.’
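The note name and contact addresses described above can be checked for during triage. The following is an added example, not code from EnigmaSoft or from this page: it walks a directory tree and reports files that match the note name, the contact addresses, or both. The function names, verdict labels and read cap are assumptions made for the example.

```python
import os

# Indicators taken from the ransom note description on this page.
NOTE_NAME = "try_to_read.html"
CONTACTS = (b"ex_parvis@aol.com", b"ex_parvis@tutanota.com",
            b"ex_parvis@protonmail.com")
MAX_READ = 256 * 1024  # assumption: a concise HTML note fits inside this cap


def contacts_in(path):
    """Return contact addresses found in the first MAX_READ bytes, or None."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(MAX_READ)
    except OSError:
        return None  # locked or unreadable: the caller decides how to report it
    # Dropping NUL bytes lets the ASCII indicators match UTF-16 encoded notes.
    data = data.replace(b"\x00", b"").lower()
    return sorted(c.decode() for c in CONTACTS if c in data)


def scan(root):
    """Walk root and return sorted (path, verdict, matched_contacts) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            is_note_name = lowered == NOTE_NAME
            if not (is_note_name or lowered.endswith((".html", ".htm"))):
                continue
            path = os.path.join(dirpath, name)
            found = contacts_in(path)
            if found is None:
                if is_note_name:
                    findings.append((path, "name-match-unreadable", []))
            elif is_note_name and found:
                findings.append((path, "confirmed-note", found))
            elif is_note_name:
                findings.append((path, "name-only", []))  # name can be benign
            elif found:
                findings.append((path, "renamed-note-suspect", found))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, verdict, found in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict}\t{path}\t{','.join(found)}")
```

A "name-only" hit means the file name matched but none of the three addresses appeared in the content, so it needs manual review before being treated as an infection indicator.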
Malware experts warn against contacting cyber crooks and attempting to reach a deal with them. Many users who pay up are never given the decryption key that the attackers promise. This is why it is a better idea to trust a legitimate anti-malware solution that will cleanse your system of the AIR Ransomware and keep your computer safe in the future.