'.BACKUP File Extension' Ransomware

'.BACKUP File Extension' Ransomware Description

The '.BACKUP File Extension' Ransomware is an encryption ransomware Trojan that was first observed on May 30, 2018. It seems to belong to the CryptoMix family, also known as CryptoShield. Like other ransomware Trojans, the '.BACKUP File Extension' Ransomware is delivered to victims primarily through malicious spam email attachments. The victim receives a fake invoice, receipt, or other type of email asking them to open a file attachment. This attachment takes the form of a DOCX or PDF file containing embedded macro scripts that download and install the '.BACKUP File Extension' Ransomware (or a similar threat) onto the victim's computer. Once installed, the '.BACKUP File Extension' Ransomware takes the victim's files hostage, encrypting them with a strong encryption algorithm. It then demands the payment of a ransom in exchange for the decryption key needed to restore the affected content.

A Name that Points to the Solution for the Damage It Causes

The '.BACKUP File Extension' Ransomware is delivered in an executable file named 'backup.exe,' which scans the victim's computer for user-generated files and then uses a strong encryption algorithm to make them inaccessible. The '.BACKUP File Extension' Ransomware targets a wide variety of files, including media files, databases, numerous document types and various others. It marks the files it encrypts with the file extension '.BACKUP,' added to the end of each affected file's name. The following are examples of the file types targeted by attacks like the '.BACKUP File Extension' Ransomware:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The '.BACKUP File Extension' Ransomware's Ransom Demand

Once the victim's files have been encrypted, the '.BACKUP File Extension' Ransomware delivers a ransom note asking the victim to send an email to a specific email address to receive payment instructions. Malware analysts have already identified several email addresses associated with the '.BACKUP File Extension' Ransomware. Some of the email addresses that have been linked to the '.BACKUP File Extension' Ransomware (with more probably being added constantly) include:

backuppc@tuta[.]io
backuppc@protonmail[.]com
backuppc1protonmail[.]com
b4ckuppc1@yandex[.]com
b4ckuppc2@yandex[.]com
backuppc1@dr[.]com

The '.BACKUP File Extension' Ransomware's ransom note itself is contained in a text file dropped on the infected computer's desktop. This file is named '_HELP_INSTRUCTION.TXT' and contains the following text:

'Hello!
Attention! All your data was encrypted!
For specific information, please send us an email with Your ID number:
[list of email inboxes]
Please send email to all email addresses! We will help You as soon as possible!
IMPORTANT! DO NOT USE ANY PUBLIC SOFTWARE! IT MAY DAMAGE YOUR DATA FOREVER!
DECRYPT-ID-[random characters] number.'
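For responders, the indicators described above (the '.BACKUP' extension appended to file names and the '_HELP_INSTRUCTION.TXT' note with its DECRYPT-ID line) can be checked with a short triage script. This is an added example, not code from the original page or from any vendor tool; the ID character class, the `triage` and `build_sample` names, and all sample files and addresses are constructed assumptions.

```python
import os
import re
import tempfile
from collections import Counter

NOTE_NAME = "_HELP_INSTRUCTION.TXT"   # ransom note file name given on the page
MARK_EXT = ".BACKUP"                  # extension appended to encrypted files
# Matches the "DECRYPT-ID-[random characters] number" line of the note; the
# character class for the ID is an assumption, the page shows no real ID.
ID_RE = re.compile(r"DECRYPT-ID-([A-Za-z0-9-]+)\s+number")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def triage(root):
    """Walk root and summarise the indicators described on the page."""
    report = {"notes": [], "ids": set(), "contacts": set(), "encrypted": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.upper() == NOTE_NAME:
                report["notes"].append(path)
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(65536)  # notes are short; cap the read
                report["ids"].update(ID_RE.findall(text))
                report["contacts"].update(m.lower() for m in EMAIL_RE.findall(text))
            elif name.endswith(MARK_EXT) and len(name) > len(MARK_EXT):
                # Record the original extension when the name still carries it
                original = os.path.splitext(name[:-len(MARK_EXT)])[1].lower()
                report["encrypted"][original or "(none)"] += 1
    return report

def build_sample(root):
    """Create a constructed directory tree for demonstration (no real data)."""
    os.makedirs(os.path.join(root, "Desktop"))
    os.makedirs(os.path.join(root, "Documents"))
    note = ("Hello!\nAttention! All your data was encrypted!\n"
            "For specific information, please send us an email with Your ID number:\n"
            "contact1@example.invalid\ncontact2@example.invalid\n"
            "DECRYPT-ID-0000-constructed number\n")
    with open(os.path.join(root, "Desktop", NOTE_NAME), "w") as fh:
        fh.write(note)
    for name in ("q1.xlsx.BACKUP", "q2.xlsx.BACKUP", "photo.jpg.BACKUP", "notes.txt"):
        open(os.path.join(root, "Documents", name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

The per-extension counts give a quick estimate of which data sets need restoring from backup, and the extracted ID and contact addresses can be recorded in the incident ticket.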

The typical ransom demand for attacks like the '.BACKUP File Extension' Ransomware is on average between 500 and 1000 USD. However, computer users are advised to avoid paying the '.BACKUP File Extension' Ransomware ransom. It is very unlikely that the criminals responsible for the '.BACKUP File Extension' Ransomware will be willing to help the victims of the attack. They are just as likely to keep the payment for themselves, ask for additional payments, or target the victim with additional threats after the victim has shown a willingness to pay the '.BACKUP File Extension' Ransomware ransom once.