'data_safe@mail.com' Ransomware

The 'data_safe@mail.com' Ransomware is an encryption ransomware Trojan that was first released on November 29, 2018. The 'data_safe@mail.com' Ransomware is delivered by taking advantage of poor Remote Desktop Protocol connections. The 'data_safe@mail.com' Ransomware's main intended victims are small and medium businesses and business networks.

How the 'data_safe@mail.com' Ransomware Attacks a Computer

Threats like the 'data_safe@mail.com' Ransomware are designed to take the victim's files hostage. To do this, the 'data_safe@mail.com' Ransomware uses an encryption algorithm to encrypt the user-generated files, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The 'data_safe@mail.com' Ransomware will delete the Shadow Volume Copies, and the System Restore points to prevent the victims from restoring any file encrypted by the 'data_safe@mail.com' Ransomware's attack. The 'data_safe@mail.com' Ransomware will then deliver a ransom note in the form of a text file named '##IMPORTANT_NOTICE##.txt,' containing the following message for the victim:

'Greetings,
There was a serious security breach in your systems, and this was detected during our scans.
We encrypt your data that you see important in your system by processing twice. As encryption is done as SHA256 and AES256, we would like to remind you that you can not restore your data with known data recovery methods. If you want to use data recovery companies or programs on your side, please do not worry about your actual files,
process and / or make copies of them. Corruption of the original files may cause irretrievable damage to your data.
It is useful to know that random deletion techniques are used 3 times when you delete, you can not bring back deleted data by known methods.
These methods will only cause you to lose time.
If you wish, you can contact us via the following communication to resolve this issue.
Do not forget to add the specially generated code below when you want to reach it.
SITE_CODE:[hex code strings]
data_safe@mail.com
datasafe@airmail.cc'

The 'data_safe@mail.com' Ransomware marks the files encrypted by its attack with a file extension of randomly generated alphabetical characters. In the variant observed recently, the string 'peosajwqfk' was used as a new file extension.

Protecting Your Data from the 'data_safe@mail.com' Ransomware

PC users are strongly advised to have backup copies of all data and storing these backups in a safe location, inaccessible by threats like the 'data_safe@mail.com' Ransomware. Having file backups allows the victims of the 'data_safe@mail.com' Ransomware to restore any data compromised by the attack. Apart from file backups, computer users must use a security assistant that is fully up-to-date to intercept threats like the 'data_safe@mail.com' Ransomware before they carry out their attacks and compromise the victim's files using their encryption algorithm.