Australian-AES Ransomware

By GoldSparrow in Ransomware

The Australian-AES Ransomware is an encryption ransomware Trojan that was first observed on January 24, 2019. The Australian-AES Ransomware claims to use the amounts raised by its ransomware attacks to help charitable causes. Regardless of that claim, the Australian-AES Ransomware attack is effective and similar to most encryption ransomware Trojans currently active.

It is Australia that is Being Targeted by Ransomware Attacks

The Australian-AES Ransomware targets user-generated files, using a strong encryption algorithm to encrypt files with extensions such as the following:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Australian-AES Ransomware will then display a program window with the title 'YOUR FILES HAVE BEEN ENCRYPTED. DO NOT CLOSE.' This program window contains two panels, which read as follows:

'Why have my files been encrypted?
Your files have been encrypted This includes many of your important documents and other types of files, database, system files and more Upon inspecting these encrypted files you may discover that they are using an unbreakable encryption algorithm, which can only be unlocked and decrypted with a special key.
This key can only be obtained through a bitcoin payment listed below This is a certain way to recover and safely decrypt all your important files to get them back All files after the amount is paid in full will be decrypted. This offer only has a certain time limit though, and it's your choice whether you want the key permanently destroyed. So your files can not be decrypted at all.
For some background info, this is a simple. fund raiser attempt in the desperate. dark void of the Internet. It's a noble thought intended to be good, as it's also been thought for years, but it's job is by doing right by those bad All funds collected are filtered, then giving to charities that matter. so that as a collective of victims, a bigger reward is given to those who need it If a small amount, is multiplied by thousands. those small interruptions in those people's lives, come at a greater cost for those who benefit from it more.'

— 'Purchase Bitcoin' and 'Decrypt.' Researchers report that the decryption code is shown on the user's screen after the countdown timer reaches 0, but the PC should not be restarted or powered off, and the decryptor application should not be killed, before then. The decryption code is presented in a dialog box that says:

'The decryption key was never going to be deleted, your files are now able to be unencrypted. To do so, click the 'I have purchased the BTC' checkbox and using the decryption key, enter it into the textbox and click decrypt. Watch as your files magically unencrypt. Thanks for the donation. Times up!'

Pressing Ctrl+M will cause two new dialog boxes to appear. These, titled “Secret” and “Decrypting...”, read as follows:

'If you found this by accident, nice luck. The decryption key is released
before the timer, you can now decrypt your files.'

'Your files are now being decrypted. DO NOT close the application or
your files will be corrupted and unrecoverable. This program will alert
upon completion of deletion.'

There are signs that the Australian-AES Ransomware may be intended as a prank, but it has the potential to cause irreparable harm to the victims' data.

Preventing the Australian-AES Ransomware Attacks

The best protection against the Australian-AES Ransomware attacks is to have file backups, which allow the victims to restore the data encrypted by ransomware Trojans. The Australian-AES Ransomware and similar threats can also be blocked from being installed by having an updated security program installed and running. Since these threats commonly spread via spam email messages and corrupted websites, learning to recognize and avoid them is also essential.
