Clouded Ransomware

The Clouded Ransomware Trojan was first observed on May 3, 2017. The Clouded Ransomware is being delivered through corrupted spam email attachments, which typically take the form of Microsoft Word documents that use corrupted scripts to download and install the Clouded Ransomware on the victim's computer. Because of this, the best way to prevent attacks like the Clouded Ransomware is to exercise caution when handling unsolicited email attachments, and a good spam filter that can prevent these corrupted email messages from arriving in the victim's email inbox to be opened. The Clouded Ransomware is based on the HiddenTear project, an open source ransomware engine released in Summer of 2015 for 'educational purposes.' Since its release, HiddenTear has spawned countless variants, which include the Clouded Ransomware, released nearly two years afterward.

The Clouded Ransomware Distribution Campaign

Most of the Clouded Ransomware attacks have been concentrated in North America. The Clouded Ransomware runs as an executable file named 'clouded.exe' and targets the user's generated files, which include audio and video files, text and spreadsheets, images, and files generated by software such as Microsoft Office, Libre Office, Photoshop and numerous others. While some ransomware Trojans are designed to attack high-profile victims such as Web servers and business networks, the Clouded Ransomware seems to be designed to infect individual computer users predominantly. Once the Clouded Ransomware enters a computer, it will encrypt files on all local hard drives, directories shared on a network, and removable memory devices. The Clouded Ransomware will mark all files encrypted in its attack with the file attachment '.cloud,' making it relatively simple to realize which files have been encrypted by the Clouded Ransomware attack.

How the Clouded Ransomware Demands Payment from the Victim

Ransomware like the Clouded Ransomware carries out its attack by encrypting the victim's files and then demands the payment of a fee to restore the files to normal. Essentially, the Clouded Ransomware takes the victim's files hostage, extorting the victim to pay to make money at their expense. The Clouded Ransomware displays its ransom note in the form of a program window with a red and white text, which threatens the victim and demands the payment of a ransom. The Clouded Ransomware displays the following ransom note on the victim's computer:

'All your documents have been encrypted by the Clouded Ransomware!
Any new files will deleted, so do not try to download or move/copy files to this computer!
- How do I decrypt my files?
- In order to decrypt your files, you must pay atleast 0.1 BTC to the Bitcoin address
[REDACTED] and press "Check and Decrypt".
- What's Bitcoin?
- It's a cryptocurrency and an electronic payment system. More information at
https://en.wikipedia.org/wiki/Bitcoin
button [Check and Decrypt]
IMPORTANT: DO NOT turn off your computer while this screen is displayed or your files will be lost forever!'

Dealing with the Clouded Ransomware Infection

Unfortunately, the files encrypted by the Clouded Ransomware are not recoverable due to the strength of the encryption used in the attack. Paying the Clouded Ransomware ransom also is not recommended, since it allows the people responsible for the Clouded Ransomware and other attacks to continue developing and releasing these threats. Furthermore, paying the Clouded Ransomware ransom is a gamble because there is no guarantee that the people responsible for the Clouded Ransomware attack will respond with the decryption key, or they will not simply reinfect the victim's computer at a later date. The best protection against the Clouded Ransomware and other ransomware threats is to have backup copies of files on an external memory device. If computer users can get back their files from a backup copy, then the entire strategy behind the Clouded Ransomware attack is undone since the con artists lose any power that they have over the victim that would allow them to demand a ransom payment.

SpyHunter Detects & Remove Clouded Ransomware