By GoldSparrow in Ransomware

PC security researchers first observed the Ransomware, an encryption ransomware Trojan, on October 2, 2018. The Ransomware is based on both the Dharma Ransomware and the Crysis Ransomware, two malware families that have seen numerous releases in recent years, and it is effectively a hybrid of the two. The Ransomware is mainly delivered via spam email messages, which often carry corrupted file attachments with embedded macro scripts that download and install the Ransomware on the victim's computer.

What are the Consequences of a Ransomware Attack?

The Ransomware targets the user-generated files in its attack, which may include a wide variety of images, media files and other document types. The Ransomware has as its main targets the file types specified below:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar

The Ransomware renames the encrypted files by appending the file extension '.btc' to the file's name and embedding a contact email address in the renamed file's name. The Ransomware then displays a ransom note in two forms: an HTA file named 'Info.hta' and a text file named 'FILES ENCRYPTED.txt.' Their contents are reproduced below:

'FILES ENCRYPTED.txt' is opened in Notepad and contains the following text:

'all your data has been locked us
You want to return?
write email'

'Info.hta' is displayed as a generic program window and includes the following notification:

'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail
Writer this ID in the title of your message: [random characters]
In case of no answer in 24 hours write us to these emails:
You will have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment, we will send you the decryption tool that will decrypt all your files.'
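As an added example (not code from the write-up above, and not the threat's own code), the following Python script scans a constructed list of file paths for the two indicators the write-up describes: the ransom note names and files that end in '.btc' and carry a contact e-mail address in their name. The exact layout of the renamed file name in the sample paths, the e-mail pattern, and the subset of targeted extensions are assumptions.

```python
import re
from pathlib import PureWindowsPath
from typing import Optional

# Indicators taken from the write-up: the two ransom note file names and the appended extension.
RANSOM_NOTE_NAMES = {"info.hta", "files encrypted.txt"}
ENCRYPTED_SUFFIX = ".btc"
# Loose e-mail pattern; the write-up only states that a contact address is embedded in the name.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumption: a small subset of the targeted extensions listed above (extend as needed).
TARGETED_EXTENSIONS = {".jpg", ".docx", ".xlsx", ".pdf", ".sql", ".zip", ".psd"}

# Constructed sample paths; the "original.ext.[email].btc" layout is an assumption.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\report.docx.[contact@example.test].btc",
    r"C:\Users\alice\Pictures\holiday.jpg.[contact@example.test].btc",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Desktop\Info.hta",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Downloads\wallet.btc",  # ends in .btc but has no e-mail: not flagged
]


def classify_path(path: str) -> Optional[dict]:
    """Return an indicator record for one path, or None if it shows neither indicator."""
    name = PureWindowsPath(path).name  # handles both '\\' and '/' separators on any host
    lower = name.lower()
    if lower in RANSOM_NOTE_NAMES:
        return {"path": path, "kind": "ransom_note"}
    if lower.endswith(ENCRYPTED_SUFFIX):
        match = EMAIL_RE.search(name)
        if match:
            # Drop everything from the e-mail address onwards, plus the separator
            # characters just before it, to recover the original file name.
            original = name[: match.start()].rstrip(".[]- _")
            orig_ext = PureWindowsPath(original).suffix.lower()
            return {
                "path": path,
                "kind": "renamed_file",
                "contact": match.group(0),
                "original_name": original,
                "original_ext_targeted": orig_ext in TARGETED_EXTENSIONS,
            }
    return None


def scan(paths):
    """Classify every path; return (list of findings, count of findings per kind)."""
    findings = [r for r in (classify_path(p) for p in paths) if r]
    counts = {}
    for r in findings:
        counts[r["kind"]] = counts.get(r["kind"], 0) + 1
    return findings, counts
```

Running `scan(SAMPLE_PATHS)` on the constructed list flags the two renamed files and both ransom notes while leaving the untouched document and the unrelated '.btc' file alone.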

Protecting Your Data from Threats Like the Ransomware

The best protection against threats like the Ransomware is to keep file backups. Apart from the file backups, PC security researchers strongly advise computer users to run a reputable security program that is capable of intercepting threats like the Ransomware. Unfortunately, once the Ransomware has encrypted the targeted files, they will not be recoverable without the decryption key.

1 Comment

All my data is encrypted.
Now what do I do?
