Azer Ransomware

By GoldSparrow in Ransomware

The Azer Ransomware is an encryption ransomware Trojan that was observed in early June 2017. The Azer Ransomware is a variant of CryptMix, a known ransomware Trojan. The Azer Ransomware encrypts its victims' files using a strong encryption method and then adds the string '-email-[E-MAIL].AZER' to the end of each affected file's name. The Azer Ransomware will then display a ransom note demanding a ransom payment. The people responsible for the Azer Ransomware infection have been known to use two email addresses to establish contact with the victims of the attack: 'webmafia@asia.com' and 'donald@trampo.info'. These email addresses had been observed in previous ransomware attacks, particularly in the Donald Trampo Ransomware Trojan. Because of this, it is clear that the same group responsible for these previous attacks created the Azer Ransomware. The most common way in which the Azer Ransomware is being delivered to victims is via spam email messages containing corrupted attachments.

Another Game-Named Ransomware Attacking Unsuspecting PC Users

When the victim opens the corrupted email attachment, a compromised macro script will attempt to download and install the Azer Ransomware on the victim's computer. A User Account Control pop-up message will appear. Computer users that allow the script to run will allow the Azer Ransomware to be installed. Once the Azer Ransomware has been installed, it will scan the victim's computer to find the files with targeted extensions (usually user-generated files such as media files and commonly used documents). The Azer Ransomware may run as an executable file named 'gangbang.exe' on the victim's computer. During its attack, the Azer Ransomware will use a combination of RSA and AES encryption to make the victim's files inaccessible. The files encrypted by the Azer Ransomware attack will no longer be recoverable and will be identified easily because of the file extension added to the end of the files' names. The Azer Ransomware further modifies the affected files' names by encrypting each name and replacing it with a string of numbers and letters.

The Azer Ransomware’s Ransom Demand

The Azer Ransomware delivers its ransom note in the form of a text file named '_INTERESTING_INFORMACION_FOR_DECRYPT.TXT,' which is dropped on the infected computer's Desktop. Below is the full text contained in the Azer Ransomware ransom message:

'All you files encrypted
For decrypt write to email:
webmafia@asia.com
donald@trampo.info
You ID - [RANDOM CHARACTERS]'

Although not mentioned in the Azer Ransomware ransom note, the average ransom payment is approximately $300 USD, to be paid in Bitcoins. However, previous variants in the Azer Ransomware family have demanded amounts as low as $50 USD and as high as $1800 USD. Regardless of the amount, PC security analysts strongly advise computer users to refrain from paying the Azer Ransomware ransom amount.

Dealing with the Azer Ransomware

Since the files encrypted by the Azer Ransomware attack become inaccessible, PC security researchers strongly advise computer users to take steps to safeguard their data. The best protection against ransomware Trojans like the Azer Ransomware is to have file backups on an external device or the cloud. Being able to recover the affected files from a backup copy can help computer users recover from an Azer Ransomware attack without needing to pay a ransom, removing the leverage the con artists gain over their victims. In fact, file backups remain the best protection against the Azer Ransomware and similar ransomware Trojans, and if a point where most computers have file backups is reached, then these attacks will likely disappear since they will no longer be effective.

Apart from file backups, a reliable security program is an essential part of protecting your data from attacks like the Azer Ransomware. Since the Azer Ransomware may be delivered using spam email attachments, spam email filters and learning how to handle this content safely are also an important part of protecting your PC.

File System Details

Azer Ransomware may create the following file(s):
| # | File Name | MD5 | Detections |
|---|-----------|-----|------------|
| 1 | file.exe | 70d5953b7cc23387ab23563220e83be4 | 0 |
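
The indicators this page lists (the '-email-[E-MAIL].AZER' suffix, the ransom note file name and the MD5 above) can be checked across a directory tree with a read-only triage script. The following is an added example, not part of the original write-up or of any vendor tool; the function names, the bracket-tolerant pattern and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators quoted on this page.
RANSOM_NOTE = "_INTERESTING_INFORMACION_FOR_DECRYPT.TXT"
KNOWN_MD5 = {"70d5953b7cc23387ab23563220e83be4"}
# Assumption: the page does not say whether the brackets around the e-mail
# address are literal, so the pattern accepts the suffix with or without them.
SUFFIX = re.compile(r"-email-\[?(?P<email>[^\[\]\s]+@[^\[\]\s]+?)\]?\.AZER$", re.I)
VICTIM_ID = re.compile(r"^You ID - (?P<id>\S+)", re.M)

def md5_of(path, chunk=1 << 20):
    digest = hashlib.md5()  # MD5 only because the page publishes an MD5
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(root):
    """Walk root and collect Azer indicators without modifying anything."""
    report = {"encrypted": [], "contacts": set(), "notes": {}, "hash_hits": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        match = SUFFIX.search(path.name)
        if match:
            report["encrypted"].append(path)
            report["contacts"].add(match.group("email").lower())
        elif path.name.upper() == RANSOM_NOTE:
            found = VICTIM_ID.search(path.read_text(errors="replace"))
            report["notes"][path] = found.group("id") if found else None
        elif path.suffix.lower() == ".exe":
            try:
                if md5_of(path) in KNOWN_MD5:
                    report["hash_hits"].append(path)
            except OSError:
                pass  # locked or unreadable file: skip, keep scanning
    return report

if __name__ == "__main__":
    # Constructed sample tree, not real victim data.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "0A1B2C3D-email-[webmafia@asia.com].AZER").write_bytes(b"\x00")
        (root / RANSOM_NOTE).write_text("You ID - SAMPLE123\n")
        result = triage(root)
        print(len(result["encrypted"]), result["contacts"], result["notes"])
```

The count of encrypted files per directory and the victim ID recovered from the note help scope which hosts and shares need restoring from backup.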
