'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware is an encryption ransomware Trojan that was observed on March 22, 2019. It is part of a group of ransomware variants derived from two previously known threats, the Crysis Ransomware family and the Dharma family of ransomware Trojans. Ransomware Trojans based on a combination of the code of these two first started to appear in the last months of 2018, and the '' Ransomware is one of the most recent variants in this family. The '' Ransomware carries out a typical encryption ransomware attack: it keeps the victim's files locked and demands a ransom payment in exchange for restoring access to the compromised files.

How the '' Ransomware can Enter a Computer

The '' Ransomware is typically delivered to victims via corrupted spam email attachments, which often take the form of Microsoft Office files with embedded macro scripts that download and install the '' Ransomware onto the victim's computer. To carry out its attack, the '' Ransomware uses a strong encryption algorithm to make the victim's files inaccessible. The affected files are easy to recognize because the '' Ransomware renames them by adding the file extension '.id-.[].bk666' to each one. The '' Ransomware targets user-generated files, which may include a wide variety of file types. The following are examples of the files that threats like the '' Ransomware target in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

After the files have been encrypted, the '' Ransomware delivers its ransom note, demanding that the affected computer users pay a ransom to recover the compromised files. The note is a text file named 'FILES ENCRYPTED.txt' that the '' Ransomware drops on the infected computer's desktop. The victim is asked to contact the criminals responsible for the attack via email. The '' Ransomware and its variants have been linked to several email addresses.
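The two on-disk indicators described above (the '.id-.[].bk666' rename and the 'FILES ENCRYPTED.txt' note) can be used to scope the damage before restoring from backup. The following triage script is an added example, not code from the original article; it assumes the blank parts of the extension hold variable text, and its sample file names are constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Rename pattern from the article: '<original name>.id-<...>.[<...>].bk666'.
# The article leaves the text after 'id-' and inside the brackets blank, so
# both are matched as arbitrary non-empty text (assumption).
RENAMED = re.compile(
    r"^(?P<orig>.+)\.id-[^.\[\]]+\.\[[^\[\]]+\]\.bk666$", re.IGNORECASE)
NOTE_NAME = "files encrypted.txt"  # ransom note name, compared case-insensitively


def triage(root):
    """Walk root; return renamed files, ransom notes and counts per original type."""
    report = {"renamed": [], "notes": [], "by_ext": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                report["notes"].append(path)
                continue
            match = RENAMED.match(name)
            if match:
                orig = match.group("orig")  # file name before the rename
                report["renamed"].append((path, orig))
                report["by_ext"][os.path.splitext(orig)[1].lower()] += 1
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names."""
    names = [
        "budget.xlsx.id-SAMPLEID.[contact@example.invalid].bk666",
        "photo.jpg.id-SAMPLEID.[contact@example.invalid].bk666",
        "notes.txt",            # untouched file
        "archive.bk666",        # bare extension, not the full rename pattern
        "FILES ENCRYPTED.txt",  # ransom note
    ]
    os.makedirs(os.path.join(root, "docs"))
    for name in names:
        open(os.path.join(root, "docs", name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["renamed"]), "renamed,", len(result["notes"]),
              "note(s),", dict(result["by_ext"]))
```

The recovered original names and per-type counts give a restore list to check against the most recent clean backup.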

Protecting Your Data from Threats Like the '' Ransomware

The best protection against threats like the '' Ransomware is to have backup copies of all files. Having backup copies ensures that the victims of the '' Ransomware attack do not need to contact the criminals, which removes any leverage the criminals hold in the attack. File backups stored on the cloud or on an external memory device are the best way to ensure that your data is recoverable after a malware attack. Besides file backups, it is necessary to have a strong security program that is capable of detecting and removing threats like the '' Ransomware.