Amnesia Ransomware

The Amnesia Ransomware is a ransomware Trojan that is used to take the victims' files hostage. Ransomware Trojans like the Amnesia Ransomware are designed to encrypt the victim's files using a strong encryption algorithm. Then, the victim is requested to pay a large ransom amount to recover the affected files.

The Amnesia Ransomware Makes Your Files Inaccessible

PC security researchers believed the Amnesia Ransomware to be a variant of the infamous Globe Ransomware family originally. However, it seems that the Amnesia Ransomware is an isolated ransomware Trojan, not based on an existing ransomware platform directly (although the code is often recycled in these attacks). Like other ransomware Trojans, the Amnesia Ransomware will use a strong encryption algorithm to make the victim's files inaccessible. The Amnesia Ransomware will then demand the payment of a large ransom to restore the affected files. The Amnesia Ransomware may be delivered through spam email attachments, although the Amnesia Ransomware also may be delivered via other methods (such as hacking into the victims' computers directly). In the case of the spam email messages used to deliver the Amnesia Ransomware, PC security researchers have noted that these emails may include corrupted email attachments in the form of text files that use corrupted macros to execute a corrupted code on the victim's computer.

How the Amnesia Ransomware Infection Works

After the Amnesia Ransomware is installed and loaded on the infected computer's memory, it begins its attack. The Amnesia Ransomware will connect with its Command and Control server to report the infected computer's data, including its IP address, location, and information about the infected operating system. The Amnesia Ransomware will then encrypt the victim's files using a strong encryption algorithm. All files encrypted in the Amnesia Ransomware attack will have the file extension '.amnesia' added to the end of each file's name. The files encrypted in the Amnesia Ransomware attack will no longer be readable and may show up as blank icons in the Windows Explorer. The Amnesia Ransomware targets a wide variety of files, generally looking for user generated files that may include spreadsheets, text documents, images, videos, music files, databases, etc. The Amnesia Ransomware delivers its ransom note in the form of a text file named 'HOW TO RECOVER ENCRYPTED FILES.TXT.' This file alerts the victim of the attack and demands the payment of a ransom to recover the infected files. The full text of the Amnesia Ransomware ransom note:

'YOUR FILES ARE ENCRYPTED!
Your personal ID:
[RANDOM CHRACTERS]
Attention! What happened?
Your documents, databases and other important data has been encrypted.
If you want to restore files send an email to: s1an1er111@protonmail.com
In a letter to indicate your personal identifier (see in the beginning of this document).
Attention!
* Do not attempt to remove the program or run the anti-virus tools.
* Attempts to self-decrypting files will result in the loss of your data.
* Decoders are not compatible with other users of your data, because each user's unique encryption key.'

Dealing with the Amnesia Ransomware

When the Amnesia Ransomware encrypts your files, it may not be possible to decrypt them without the use of the decryption key (which the con artists hold in their possession). A combination of the AES and RSA encryption is used to take over the victims' files. PC security researchers do not recommend that victims of the Amnesia Ransomware attack pay the Amnesia Ransomware ransom because this allows the con artists to continue carrying out the attacks, as well as not guaranteeing the recovery of the affected files. The best protection against the Amnesia Ransomware and similar ransomware threats is to have backups of all files on an independent memory device or the cloud, as well as a reliable security program that is fully up-to-date and capable of intercepting the Amnesia Ransomware and similar threat attacks.

SpyHunter Detects & Remove Amnesia Ransomware