
anonimus.mr@yahoo.com Ransomware

By GoldSparrow in Ransomware

The 'anonimus.mr@yahoo.com' Ransomware is an encryption ransomware Trojan. The email address associated with the 'anonimus.mr@yahoo.com' Ransomware attack was first seen in the Aurora Ransomware threat, first released on May 29, 2018. PC security researchers observed the use of this email address with a new variant in the Scarab family of ransomware, the 'anonimus.mr@yahoo.com' Ransomware. Scarab is a large family of ransomware Trojans that has released numerous variants since early May 2018, which may be related to the release of this ransomware as a RaaS (Ransomware as a Service) platform.

The Ironic Name of the 'anonimus.mr@yahoo.com' Ransomware

The 'anonimus.mr@yahoo.com' Ransomware, like most encryption ransomware Trojans, functions by taking the victim's files hostage. It targets user-generated files, which may include a wide variety of file types, ranging from media files to documents. The files that are targeted by the 'anonimus.mr@yahoo.com' Ransomware attack include:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The 'anonimus.mr@yahoo.com' Ransomware delivers its ransom note in the form of a text file named 'HOW TO RECOVER ENCRYPTED FILES.txt' that is dropped on the infected computer's desktop. This ransom note's text reads as follows:

'YOU FILES WAS ENCRYPTED
YOURS PERSONAL IDENTIFICATOR
[random characters]
[WHAT HAPPENED]
Your important files produced on this computer have been encrypted due a security problem
If you want to restore them, write us to the e-mail: anonimus.mr@yahoo.com
You have to pay for decryption. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
[FREE DECRYPTION AS GUARANTEE]
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information
and their total size must be less than 1Mb
[ATTENTION]
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 2 day - your key has been deleted and you cant decrypt your files.'
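
A triage sketch built on the indicators above, added here as an example and not taken from the original page or any vendor tool: it sweeps a directory tree for the note's filename, confirms the contact address in the content, and extracts the victim identifier. The UTF-8 decoding, the read limit, the function names and the identifier in the sample note are assumptions.

```python
import os
import sys

# Indicators taken from the ransom note quoted on this page.
NOTE_NAME = "HOW TO RECOVER ENCRYPTED FILES.txt"
CONTACT = "anonimus.mr@yahoo.com"
ID_HEADER = "YOURS PERSONAL IDENTIFICATOR"
MAX_NOTE_CHARS = 64 * 1024  # assumption: the note is a small text file

# Constructed sample: opening lines of the note with a made-up identifier.
SAMPLE_NOTE = (
    "YOU FILES WAS ENCRYPTED\nYOURS PERSONAL IDENTIFICATOR\n"
    "CONSTRUCTED-ID-0001\n[WHAT HAPPENED]\n"
    "If you want to restore them, write us to the e-mail: "
    "anonimus.mr@yahoo.com\n"
)


def parse_note(text):
    """Return the victim identifier if text matches the note, else None."""
    if CONTACT not in text.lower():
        return None
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, ln in enumerate(lines[:-1]):
        if ln.upper() == ID_HEADER:
            return lines[i + 1]  # identifier is the line after the header
    return None


def find_notes(root):
    """Return [(path, victim_id)]; victim_id is None on a name-only match."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME.lower():
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits.append((path, parse_note(fh.read(MAX_NOTE_CHARS))))
            except OSError:
                hits.append((path, None))  # unreadable: still report the name
    return hits


if __name__ == "__main__":
    for note_path, victim_id in find_notes(sys.argv[1] if sys.argv[1:] else "."):
        print(note_path, victim_id)
```

A name-only match (identifier `None`) still merits a look, since the note may be stored in an encoding other than the assumed UTF-8.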

Dealing with the 'anonimus.mr@yahoo.com' Ransomware Attack

The best protection against threats like the 'anonimus.mr@yahoo.com' Ransomware is to have file backups. This way, computer users can recover their files by restoring them from a backup copy. Malware researchers do not recommend that computer users cooperate with the criminals or pay any ransom, no matter its amount. There isn't a guarantee that the criminals will keep their word, and they are very likely to target the victim for additional attacks once the victim shows a willingness to make the ransom payment. Apart from file backups, computer users must use a security program to protect their computers from threats like the 'anonimus.mr@yahoo.com' Ransomware and prevent these threats from being installed.

1 Comment

Juan Antonio Cervantes Cota Reply

INFECTED. HOW TO RECOVER FILES.
