Apophis Ransomware
The Apophis Ransomware is an encryption ransomware Trojan that PC security researchers observed in mid-April, 2018. The Apophis Ransomware seems to be a variant in the Jigsaw Ransomware family. The Apophis Ransomware, like many other ransomware Trojans, is being delivered through corrupted spam email attachments, in the form of DOCX files with embedded macro scripts that download and install the Apophis Ransomware. Like other Jigsaw Ransomware variants, the Apophis Ransomware will pressure the victim into paying the ransom within 24 hours.
Another Deity Being Used to Name a Vicious Attack
The Apophis Ransomware will scan the victim's drives in search of numerous user-generated file types. Below are some examples of the files that ransomware threats like the Apophis Ransomware will search for in their attack:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The purpose of the Apophis Ransomware attack is to make the victim's files inaccessible, taking them hostage essentially. The Apophis Ransomware will use a combination of the RSA and AES encryptions to make the victim's data impossible to access without the decryption key. The Apophis Ransomware will use an encryption method that makes it easy to identify the damaged files because the Apophis Ransomware adds the file extension '.fun' to each file encrypted by the attack. The techniques used by the Apophis Ransomware attack are the same ones used by most encryption ransomware Trojans operating today. The Apophis Ransomware delivers a ransom note, which details the attack and demands that the victim pay a fee to prevent the files from being deleted. The Apophis Ransomware delivers its ransom message in the form of a program window that contains the following message:
'You have been hacked by Apophis Squad!
We have encrypted your files using AES 256, which is NOT easy to reverse! XD
Do not panic, we will let you fix this by sending us a payment.
However I've already encrypted your personal files, so you cannot access them.
Twitter: @apophissquadv2 Web: apophissquad[.]ru Maker: P13x13t
[1H COUNDDOWN TIMER]
Time till file delete.
{View encrypted files|BUTTON]
Send $500 worth of Bitcoin here:
[34 RANDOM CHARCTERS]
[I made a payment, now give me back my files!|BUTTON]'
A simple executable file named ‘msiexec.exe’ creates the Apophis Ransomware ransom note. The Apophis Ransomware also will drop a couple of text files on the victim's computer. Unfortunately, the encryption method used to take the victim's files hostage is quite advanced, and it is not possible to restore files encrypted by the Apophis Ransomware attack currently.
Protecting Your Data from Threats Like the Apophis Ransomware
Computer users that want to protect their data from threats like the Apophis Ransomware should take preventive actions. The best way to ensure that your files are safe from these threats is to have file backups either on the cloud or an external device. Having file backups can allow computer users to restore their files easily after an attack since it takes away any leverage from the con artists, which may allow them to pressure victims into paying. Apart from file backups, PC security researchers strongly advise computer users to use a strong security program that is fully up-to-date to intercept and remove threats like the Apophis Ransomware.
