AIR Ransomware

AIR Ransomware Description

The AIR Ransomware is a brand-new ransomware threat that emerged at the beginning of November. Once malware experts spotted the harmful activity of the AIR Ransomware, they studied the threat and found that it is a variant of the Major Ransomware. Many cyber crooks base their file-locking Trojans on already established ransomware threats, as this is much less time-consuming than building a threat from scratch.

Propagation and Encryption

The propagation method used in the spreading of the AIR Ransomware is not known yet. Often, cybercriminals utilize spam email campaigns, bogus application updates, fake pirated variants of popular software tools, and torrent trackers, among many other propagation methods. The AIR Ransomware goes after a large variety of file types. Threats of this class make sure to cause as much damage as possible, once they infiltrate the target’s computer. This makes it more probable for the victim to give in and pay the ransom fee demanded by the attackers. Upon infecting the host, the AIR Ransomware will scan its contents looking for the file types it was programmed to target. When the scan is completed, the AIR Ransomware will proceed by applying an encryption algorithm to lock the targeted data. When this ransomware threat encrypts a file, it also will alter its extension. The AIR Ransomware appends a '..ex_parvis@aol.com.AIR' extension to the end of the file names of all affected files. For example, a file named ‘fluffy-cat.jpeg’ originally will be renamed to ‘fluffy-cat.jpeg..ex_parvis@aol.com.AIR' where the ‘VICTIM ID’ part stands for a uniquely generated ID for each victim.

The Ransom Note

After the AIR Ransomware has completed its encryption process, the threat will drop a ransom note on the user’s desktop. The note’s name is ‘TRY_TO_READ.html’ and is rather concise. In it, the attackers inform the users that all their data has been encrypted and warn them against attempting to unlock the files with third-party software. They do not mention a specific ransom fee. The authors demand to be contacted via email and provide three email addresses – ‘ex_parvis@aol.com,’ ‘ex_parvis@tutanota.com,’ and ‘ex_parvis@protonmail.com.’

Malware experts warn against contacting cyber crooks and attempting to reach a deal with them. Many users who pay up are never given the decryption key, which the attackers promise. This is why it is a better idea to trust a legitimate anti-malware solution that will cleanse your system of the AIR Ransomware and keep your computer safe in the future.

Do You Suspect Your PC May Be Infected with AIR Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like AIR Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Related Posts

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.