Threat Database Ransomware CoNFicker Ransomware

CoNFicker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 43,217
First Seen: April 18, 2017
Last Seen: May 21, 2020
OS(es) Affected: Windows

Although the CoNFicker Ransomware seems to draw its name from a threat infection that has been around for a while, there is no connection between the CoNFicker Ransomware and previous threats with similar names. The CoNFicker Ransomware is a ransomware Trojan released on April 17, 2017, which carries out a typical ransomware tactic. Like most ransomware Trojans, the CoNFicker Ransomware is designed to encrypt the victims' files and then ask for the payment of a ransom in exchange for the decryption key, needed to recover the affected files. The CoNFicker Ransomware may be distributed through corrupted email attachments that use corrupted scripts to execute a compromised code on the victim's computer. The CoNFicker Ransomware is being delivered to the victims' computers in the form of a fake version of WinRAR, software used to create, read, and manage RAR archive files currently.

How the CoNFicker Ransomware will Attack Your Files

When the CoNFicker Ransomware is installed on a computer, it deletes the System Restore points, the Shadow Volume Copies, and other Windows recovery components. It then scans the infected computer's drives for files to encrypt in the attack. The CoNFicker Ransomware will encrypt numerous file types, looking for file formats that could be valuable to the victim. The following are some of the file types that are encrypted in the CoNFicker Ransomware attack:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, ,DOC, .EPUB, .DOCX .FB2, .FLV, .GIF, .GZ, .ISO .IBOOKS,.JPEG, .JPG, .KEY, .MDB .MD2, .MDF, .MHT, .MOBI .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

The CoNFicker Ransomware is installed in the AppData directory on the infected computer and may create the following files during its attack:

  • C_o_N_F_i_c_k_e_r Decryptor.exe
  • Decrypt.txt
  • conficker.exe
  • ransomwarefineched.exe
  • winrar 2017.exe
  • winrar Setup 2017.exe

To take the victim's files hostage, the CoNFicker Ransomware uses the AES 256 encryption to make the files inaccessible completely. The decryption key that should be used to recover the affected files is held on the CoNFicker Ransomware's Command and Control servers, away from the victim. This is an approach that is used by the vast majority of ransomware Trojans. The CoNFicker Ransomware then delivers a ransom note, demanding payment in exchange for the decryption key. The CoNFicker Ransomware demands a ransom of 0.5 BitCoin (approximately $600 USD at the exchange rate at the time of writing). The CoNFicker Ransomware delivers its ransom note in a text file named 'Decrypt.txt' and in the form of a Desktop wallpaper image that replaces the victim's Desktop image. The text that is contained in the CoNFicker Ransomware's ransom notes reads as follows:

  • 'C_o_N_F_i_c_k_e_r R_A_N_S_O_M_W_A_R_E
    #####
    Attention! Attention! Attention! Your Files has been encrypted By C_o_N_F_i_c_k_e_r R_A_N_S_O_M_W_A_R_E
    #####
    Send 0.5 Bitcoin To @ 1sUCn6JYa7B96t4nZz1tX5muU2W5YxCmS @
    #####
    And Contact us By Email :
    Conficker-decryptor@mail.ru
    If Send 0.5 Bitcoin We will send you the decryption key C_o_N_F_i_c_k_e_r Decryptor'

Protecting Your Computer from the CoNFicker Ransomware

The best protection from ransomware Trojans like the CoNFicker Ransomware is to have backups of all files, preferably on an external memory device or the cloud. Being able to recover files from a backup quickly nullifies the CoNFicker Ransomware attack completely and takes away all power from the people responsible for these infections. Apart from having file backups, it is also primordial to have a reliable security program that is fully up-to-date that is capable of detecting and intercepting the CoNFicker Ransomware infection. Learning to recognize these tactics is also an essential part of dealing with these infections. A combination of caution when dealing with spam email, file backups, and a reliable security software can prevent most of the CoNFicker Ransomware infections and similar threats.

SpyHunter Detects & Remove CoNFicker Ransomware

File System Details

CoNFicker Ransomware may create the following file(s):
# File Name MD5 Detections
1. ggjpkals.ltf 08f3ce046ff7efd50fd60bb3c6457a32 43,215
2. file.exe d9d3381b79fb6e35ba995b4a7ab58b4f 0

Related Posts

Trending

Most Viewed

Loading...