
'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware is an encryption ransomware Trojan that was first observed on March 18, 2019. It is delivered mainly via corrupted spam email attachments. The '' Ransomware attack takes the victims' files hostage, and the victim is then told to pay a ransom to regain access to the lost data. The '' Ransomware is derived from Dharma and Crysis, two large families of ransomware.

How the '' Ransomware Attack Works

The '' Ransomware uses AES and RSA encryption to make the victim's files inaccessible. It targets user-generated files, which may include a wide variety of document types, databases and media files. The '' Ransomware attack renames the affected files and marks them with the new file extension '.azero'. The following are examples of the file types that threats like the '' Ransomware target in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '' Ransomware delivers a ransom note in the form of a text file named 'FILES ENCRYPTED.txt,' which is dropped on the infected computer. The '' Ransomware ransom note reads as follows:

'all your data has been locked us
You want to return?
write email'

The '' Ransomware also delivers its ransom note in the form of an HTA file named 'Info.hta' that displays a program window with the following ransom message:

'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail
Writer this ID in the title of your message: [random characters]
In case of no answer in 24 hours write us to these emails:
You will have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment, we will send you the decryption tool that will decrypt all your files.'

Protecting Your Computer from Threats Like the '' Ransomware

Computer users should not pay the '' Ransomware ransom or contact the criminals responsible for the '' Ransomware attack. Instead, it is necessary to take steps to protect your data with a security program and by keeping backup copies of all files. Having backups ensures that, in the event of a '' Ransomware attack, the files can be recovered from a backup copy without having to contact the criminals responsible for the attack. Apart from file backups, computer users should adopt strong security practices, since threats like the '' Ransomware are typically delivered via corrupted spam email attachments that use social engineering techniques to trick computer users into installing the threat themselves.
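When deciding which folders have to be restored from backup, a responder can sweep a disk for the indicators named in this entry: the '.azero' extension and the 'FILES ENCRYPTED.txt' and 'Info.hta' notes. The Python script below is an added example, not part of the original entry; its function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the description in this entry.
ENCRYPTED_SUFFIX = ".azero"
NOTE_NAMES = {"files encrypted.txt", "info.hta"}

def triage(root):
    """Walk root and return (renamed_files, ransom_notes, per_directory_counts)."""
    renamed, notes, per_dir = [], [], Counter()
    # Unreadable directories are skipped instead of aborting the sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()  # match names case-insensitively
            full = os.path.join(dirpath, name)
            if lower.endswith(ENCRYPTED_SUFFIX):
                renamed.append(full)
                per_dir[dirpath] += 1
            elif lower in NOTE_NAMES:
                notes.append(full)
    return sorted(renamed), sorted(notes), per_dir

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the names."""
    layout = {
        "Documents": ["report.docx.azero", "budget.xlsx.AZERO", "FILES ENCRYPTED.txt"],
        "Pictures": ["holiday.jpg.azero", "untouched.png"],
        "Desktop": ["Info.hta", "notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

def demo():
    """Run the sweep over the constructed tree and summarise the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        renamed, notes, per_dir = triage(root)
        return len(renamed), [os.path.basename(n) for n in notes], max(per_dir.values())

if __name__ == "__main__":
    print(demo())
```

On a real system, point `triage()` at a mounted copy of the affected volume; the per-directory counts show which folders need restoring from backup.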

