Decoder Ransomware Description
The Decoder Ransomware is an encryption ransomware Trojan that seems to be related to the Globe family of ransomware Trojans, which have been active at least since 2016. The Decoder Ransomware attacks were first observed in early November 2017. The Decoder Ransomware is designed to infect victims through spam email messages, which include corrupted file attachments with macro scripts that download and install the Decoder Ransomware onto the victim's computer. Learning to recognize these threats and handling these emails safely is essential in preventing threat attacks like the Decoder Ransomware.
The Decoder that will Encode Your Files
Once the Decoder Ransomware is installed, it will carry out an encryption ransomware attack that is typical of these threats. Threats like the Decoder Ransomware encrypt the victim's files to make them inaccessible, to justify the demand of a ransom from the victims so that they will acquire the decryption key that makes it possible to restore the affected files. The Decoder Ransomware targets the user-generated files, which include media files, images, and commonly used document formats. Examples of the file extensions that threats like the Decoder Ransomware target in their attacks include:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, ,doc, .epub, .docx .fb2, .flv, .gif, .gz, .iso .ibooks,.jpeg, .jpg, .key, .mdb .md2, .mdf, .mht, .mobi .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
The files encrypted by the Decoder Ransomware attack are marked with the file extension '.decoder,' which the Decoder Ransomware will add to the end of each affected file's name as part of its infection process. The Decoder Ransomware uses strong encryption algorithms that make it impossible to restore files encrypted by the Decoder Ransomware attack without the decryption key.
The size of the ransom demand is unknown at this time, but cyber criminals usually ask for sums between $500 and $1500 paid in Bitcoin or similar cryptocurrencies. Users are allowed to attach a number of encrypted files that total up to a megabyte in size, which is supposed to be restored as a 'gesture of good will' and proof the reversal of the encryption process is possible. Research shows that people behind these kinds of threats tend to ignore their victims, especially once payments have been submitted. Experience shows there is a high probability the victims will be scammed, robbed of their money and left hanging. Ignoring the ransom demands is the most sensible approach to the situation, as there is no guarantee the attackers will return any of the affected data to the state it was in.
Decoder shares similar traits with a number of other ransomware infections, such as Xorist, Crypto Tyrant, Losers, Bad Rabbit and more. Although these are threats developed by different people, they behave in the same manner. The main difference between these threats is the size of the ransom and the kind of encryption algorithm used, most often AES or RSA. Regular data backups are one of the best ways users can avoid this type of situation, as it would make the threat more of an annoyance.
The Decoder Ransomware's Ransom Demands
The Decoder Ransomware will encrypt its victim's files and deliver its ransom note in the form of a text file named 'Instructions.txt,' which is dropped on the infected computer's desktop. The text of the Decoder Ransomware ransom note reads:
'Your personal ID
All your files have been encrypted due to a security problem with your PC.
If you want to restore them, write us to the e-mail:firstname.lastname@example.org
Additional Mailing Address e-mail:email@example.com
How to obtain Bitcoins
** The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
** Also you can find other places to buy Bitcoins and beginners guide here:
Free decryption as guarantee
** Before paying you can send to us up to 1 files for free decryption. Please note that files must NOT contain valuable information and their total size must be less than 1Mb
** Do not rename encrypted files.
** Do not try to decrypt your data using third party software, it may cause permanent data loss.
** Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
Dealing with the Decoder Ransomware
PC security researchers advise computer users against contacting the email addresses mentioned in the Decoder Ransomware's ransom note or trying to negotiate with the criminals. Instead of paying the ransom amount, it is important to have file backups that allow computer users to restore the affected files by replacing the corrupted versions with a backup copy of the affected filed. File backups paired with a reliable security program that is fully up to date are the best protection against ransomware Trojans like the Decoder Ransomware.
Do You Suspect Your PC May Be Infected with Decoder Ransomware & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Decoder Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.