Ransomware Description

The '' Ransomware is named after the email address users are supposed to contact in case their data is encrypted. The '' Ransomware is an encryption Trojan that is actively distributed among Windows OS users via spam emails. Fake invoices, payment notifications, and photos from Facebook are known to serve as droppers for the '' Ransomware. In many cases, users are led to believe they need to enable macros to load the document correctly, while random characters are scattered across a blank page. Security experts remind users to make sure macros are disabled in their office suite, since macros are easily abused by threat actors to deploy threats.

The '' Ransomware is based on the Crysis Ransomware

The '' Ransomware is one of many Trojans that are based on the Crysis Ransomware. The '' Trojan may be hosted on pages with a valid digital certificate, which makes its detection a bit harder. We have received reports that the distribution network that supports the '' Ransomware may involve compromised portals and legitimate ad networks. When the '' Ransomware invades a system, the Trojan arrives in an encrypted package, which is unpacked with the help of a VBS script. After the payload is saved to the PC, the Trojan is executed immediately, and a scan procedure is initiated. The '' Ransomware scans for connected drives, including removable drives, and builds a list of files that are suitable for encryption.

The '' Ransomware is Known to Target Documents and Images Primarily

Security researchers note that the '' Ransomware is not very different from the '' Ransomware and the '' Ransomware. The '' Trojan uses an AES-256 cipher to encode photos, spreadsheets, presentations, databases and text files. The crypto-threat at hand is programmed to add the '' extension to enciphered files. For example, 'Pickerelweed.jpeg' is transcoded to '' and a ransom notification is presented within an HTA application on the desktop. The notification reads:

'Your files have been been encrypted with a powerful strain of a virus called ransomware. Your files are encrypted using rsa encryption, the same standard used by the military and banks. It is currently impossible to decrypt files encrypted with rsa encryption.
Lucky for you, we can help. We are willing to sell you a decryptor UNIQUELY made for your computer (meaning someone else's decryptor will not work for you). Once you pay a small fee, we will instantly send you the software/info necessary to decrypt all your files, quickly and easily.
In order to get in touch with us email us at In your email write your personal ID (its located at the up of the page, it is a string of random characters). Once we receive your personal ID, we will send you payment instructions.'
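The extension-appending behavior described above leaves a recognizable trace in file-audit logs: many documents and images gaining the same extra suffix within seconds. The following is an added detection example, not code from the original article; the event tuple format, the extension list, the thresholds and the `.EXAMPLE-LOCKED` placeholder are all assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed extensions for the file types the article lists (photos,
# spreadsheets, presentations, databases, text files).
TARGET_EXTS = {".jpeg", ".jpg", ".png", ".xlsx", ".pptx", ".docx", ".mdb", ".txt"}

def appended_suffix(old, new):
    """Return the text appended to the file name if `new` is `old` plus an
    extra extension in the same folder, else None."""
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    if o.parent != n.parent or o.suffix.lower() not in TARGET_EXTS:
        return None
    if n.name.startswith(o.name + ".") and len(n.name) > len(o.name) + 1:
        return n.name[len(o.name):]
    return None

def find_rename_bursts(events, window=60.0, threshold=3):
    """events: (unix_time, old_path, new_path) tuples from a file-audit log.
    Returns {suffix: [original paths]} for every suffix appended to at least
    `threshold` target files within `window` seconds."""
    by_suffix = defaultdict(list)
    for ts, old, new in sorted(events):
        suffix = appended_suffix(old, new)
        if suffix:
            by_suffix[suffix].append((ts, old))
    alerts = {}
    for suffix, hits in by_suffix.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                alerts[suffix] = [path for _, path in hits]
                break
    return alerts

# Constructed sample events; ".EXAMPLE-LOCKED" is a placeholder extension.
SAMPLE_EVENTS = [
    (100.0, r"C:\Users\a\Pictures\Pickerelweed.jpeg", r"C:\Users\a\Pictures\Pickerelweed.jpeg.EXAMPLE-LOCKED"),
    (100.4, r"C:\Users\a\Documents\budget.xlsx", r"C:\Users\a\Documents\budget.xlsx.EXAMPLE-LOCKED"),
    (101.1, r"E:\backup\notes.txt", r"E:\backup\notes.txt.EXAMPLE-LOCKED"),
    (500.0, r"C:\Users\a\Documents\draft.docx", r"C:\Users\a\Documents\draft-final.docx"),
    (900.0, r"C:\Users\a\Documents\old.txt", r"C:\Users\a\Documents\old.txt.bak"),
]

if __name__ == "__main__":
    for suffix, paths in find_rename_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {suffix!r} appended to {len(paths)} files: {paths}")
```

The ordinary rename and the single `.bak` copy in the sample stay below the threshold, so only the burst is reported.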

The Team Behind the '' Ransomware Welcomes Payments via Bitcoins

Computer users that were compromised by the '' Ransomware may not have access to backups and may consider paying the ransom. Bitcoin allows for a secure and anonymous transaction between two parties and makes tracking the threat actors rather difficult. Moreover, you are not likely to be provided with a decryptor because the aim of ransomware operators is to infect as many computers as possible and wait for users to make payments. Experts recommend using backup images and archives to recover your data safely. It is worth looking into services like Google Drive and Dropbox, which offer free cloud storage to users that wish to secure their data. You might want to incorporate a credible anti-malware scanner into your OS and prevent threats like the '' Ransomware from being installed.
