Argus Ransomware
The Argus Ransomware is an encryption ransomware Trojan that was first observed on November 10, 2018. The Argus Ransomware uses the RSA and AES encryptions to make victim's files inaccessible and then requests a ransom payment in exchange for the decryption key. Typically, the Argus Ransomware is delivered to the victims via corrupted spam email attachments. The files that are often targeted in these attacks include:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip.
How the Argus Ransomware Attacks a Computer
The Argus Ransomware marks the files encrypted by its attack by adding the file extension '.ARGUS' to each file that is compromised. After the Argus Ransomware encrypts the victim's files, along with the Shadow Volume Copies of the files and the Windows Restore points, the Argus Ransomware delivers a ransom note in the form of an HTML file named 'ARGUS-DECRYPT.html,' which contains the following text:
'ARGUS CRYPTOR V1.0
Attention!
All your files, documents, photos, databases and other important files are encrypted!
The only method of recovering files is to purchase an unique private key. Only WE can recover your files!
You can get the private key by email as well as through a closed TOR network. You can get there by the following ways
Main email : argusdecrypt@cock.li
Reserved email : argusdecrypt@mailfence.com
Follow the instructions
If the answer for a long time no
Download Tor browser - h[tt]ps://www.torproject[.]org/download/download-easy
Install Tor browser
Open Tor Browser
Open link in TOR browser: h[tt]p://argusqug6aw25gye[.]onion/
Follow the instructions on this page'
The Argus Ransomware also will change the victim's desktop image, replacing it with the file 'wallpaper.bmp,' which contains the following message:
'Dear admin!
All your files has been encrypted!
For encrypting used cryptographic algorithm RSA2048
Only we can provide you decryptor.
Read the lnstructions.html for more information.
You can find this file everywhere on your PC.
Only we can provide you decryptor.
Do not attempt to decrypt the data yourself.
You might corrupt your files.
Don't Delete Encrypted Files
Don't Modify Encrypted Files
Don't Rename Encrypted Files'
Protecting Your Data from the Argus Ransomware
The best protection from threats like the Argus Ransomware is to have file backups of all of your data. Having copies of your files that are stored on the cloud, an external memory device, or other secure location ensures that you can recover from an Argus Ransomware attack after your data has been compromised. Unfortunately, it may not be a viable task to decrypt the files that have been encrypted by threats like the Argus Ransomware. Apart from file backups, PC security researchers strongly recommend that computer users use a savvy security program that is fully up-to-date to protect their computers from threats like the Argus Ransomware.
