Amnesia 2 Ransomware

By GoldSparrow in Ransomware

The Amnesia 2 Ransomware is a ransomware Trojan that seems to be an update of the Amnesia Ransomware, a known ransomware Trojan that claimed hundreds of victims in April of 2017. The Amnesia 2 Ransomware was first observed in early June of 2017 and seems to be delivered to its victims in the same way, through the use of corrupted email attachments delivered using spam email messages.

The Ransomware that Turns Your Files Amnesic

The original Amnesia Ransomware infection carried out a typical ransomware Trojan tactic: encrypting its victims' files and then demanding the payment of a ransom in exchange for the decryption key. This ransomware Trojan uses a strong encryption algorithm to make the victim's files inaccessible. The main delivery method for this threat was the use of corrupted text files containing macro scripts designed to download and install the threat onto the victim's computer. The Amnesia 2 Ransomware uses an identical delivery method, that is, fake documents distributed through spam email messages to trick computer users into downloading and installing the Amnesia 2 Ransomware onto their computers. The main difference between the Amnesia 2 Ransomware and its predecessor is the use of an updated encryption platform. The Amnesia 2 Ransomware uses new extensions to identify the files affected in the attack and a thorough encryption method to ensure that the files compromised by the infection are completely unrecoverable without the decryption key. It marks the files it encrypts by adding a new file extension to the end of each affected file's name. The following file extensions (among others) have been linked to the Amnesia 2 Ransomware attack:

  • .TRMT
  • .[black.mirror@qq.com].oled
  • .@decrypt_files2017
  • .SON
  • .[Help244@Ya.RU].LOCKED
  • .@decrypt2017
  • .CRYPTBOSS

The Amnesia 2 Ransomware will also add the file extension '.01' or '.02' to the end of the affected files. The Amnesia 2 Ransomware uses AES-256 encryption to make the files inaccessible, targeting user-generated files that include music, video, and text files, as well as files generated by software such as Adobe Acrobat Reader, Microsoft Office, Adobe Photoshop, AutoCAD and LibreOffice. After encrypting the victim's files, the Amnesia 2 Ransomware will deliver its ransom note. This ransom note is contained in an HTML file named 'RECOVER-FILES.HTML'. This file will display the following message on the infected computer:

'Your files are Encrypted!
For data recovery needs decryptor.
To buy the decryptor, you must pay the cost of 0.5 Bitcoin.
Free decryption as guarantee.
Before paying you can send us 1 file for free decryption.
To send a message or file use this form:
ID: [TEXT BOX]
Email: [TEXT BOX]
Attach file:
Bitcoin address: [TEXT BOX]'

Dealing with an Amnesia 2 Ransomware Infection

Malware analysts strongly advise computer users to avoid paying the ransom of 0.5 Bitcoin (approximately $1225 USD at the current exchange rate). Besides the fact that the con artists may ignore the ransom payment or demand more money, paying these ransoms is what allows con artists to continue to create and develop ransomware Trojans like the Amnesia 2 Ransomware. Instead of paying the ransom, remove the Amnesia 2 Ransomware with the help of a reliable security program. Although the files encrypted by the Amnesia 2 Ransomware are not recoverable by using current technology, computer users can rebuild their files from a backup copy after removing all traces of the Amnesia 2 Ransomware. Because of this, having file backups on an external memory device or in the cloud is the single best precaution against the Amnesia 2 Ransomware and similar threats. If computer users can restore their files from a backup copy, then the entire attack strategy of the Amnesia 2 Ransomware Trojan is negated. In fact, if enough computer users keep backup copies of their files as a matter of course, then con artists will have to find an alternative to the Amnesia 2 Ransomware tactic, since these ransomware tactics would no longer be effective.

File System Details

Amnesia 2 Ransomware may create the following file(s):
# File Name MD5 Detections
1. file.exe 168ec5747fb3bf62aef3a3d36976aefd 0
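
The indicators listed on this page (the appended extensions, the 'RECOVER-FILES.HTML' note and the MD5 given for file.exe) can be combined into a read-only sweep that shows which directories were hit before files are restored from backup. This is an added example, not code from the original article or from any security product; the function names, the treatment of '.01'/'.02' as a suffix that trails a listed extension, and the choice to hash only .exe files are assumptions.

```python
import hashlib
import os
import sys
from collections import defaultdict

# Indicators copied from this page; the page says the extension list is not exhaustive.
EXTENSIONS = (".trmt", ".[black.mirror@qq.com].oled", ".@decrypt_files2017", ".son",
              ".[help244@ya.ru].locked", ".@decrypt2017", ".cryptboss")
NUMERIC_SUFFIXES = (".01", ".02")  # too common to flag on their own
RANSOM_NOTE = "recover-files.html"
FILE_EXE_MD5 = "168ec5747fb3bf62aef3a3d36976aefd"  # 'file.exe' in File System Details

def classify(name):
    """Return 'note', 'encrypted' or None for a bare file name (case-insensitive)."""
    lower = name.lower()
    if lower == RANSOM_NOTE:
        return "note"
    # Assumption: '.01'/'.02' may trail one of the listed extensions.
    if lower.endswith(NUMERIC_SUFFIXES):
        lower = lower[:-3]
    return "encrypted" if lower.endswith(EXTENSIONS) else None

def md5_of(path):
    digest = hashlib.md5()  # MD5 only because that is the hash the page publishes
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):  # 1 MiB chunks
            digest.update(block)
    return digest.hexdigest()

def scan(root):
    """Map each affected directory to its encrypted files, note flag and hash matches."""
    report = defaultdict(lambda: {"encrypted": [], "note": False, "hash_match": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            kind = classify(name)
            if kind == "note":
                report[dirpath]["note"] = True
            elif kind == "encrypted":
                report[dirpath]["encrypted"].append(name)
            elif name.lower().endswith(".exe"):
                try:
                    if md5_of(os.path.join(dirpath, name)) == FILE_EXE_MD5:
                        report[dirpath]["hash_match"].append(name)
                except OSError:
                    continue  # locked or unreadable file; skip rather than abort the sweep
    return dict(report)

if __name__ == "__main__":
    for directory, hits in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(directory, len(hits["encrypted"]), hits["note"], hits["hash_match"])
```

Run it against a mounted copy of the affected volume; a directory that shows the note but no listed extension suggests an extension outside this page's list.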
