Decryptallfiles3@india.com Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 48
First Seen: November 29, 2016
Last Seen: May 22, 2023
OS(es) Affected: Windows

The 'Decryptallfiles3@india.com' Ransomware is named after the email address users are supposed to contact in case their data was encrypted. The 'Decryptallfiles3@india.com' Ransomware is an encryption Trojan that is actively dispersed among Windows OS users via spam emails. Fake invoices, payment notifications, and photos from Facebook are known to serve as droppers for the 'Decryptallfiles3@india.com' Ransomware. In many cases, users are led to believe they need to enable macros to load the document correctly, while random characters are scattered across a blank page. Security experts remind users to make sure macros are disabled in their office suite, since macros are easily abused by threat actors to deploy threats.

The 'Decryptallfiles3@india.com' Ransomware is based on the Crysis Ransomware

The 'Decryptallfiles3@india.com' Ransomware is one of many Trojans that are based on the Crysis Ransomware. The 'Decryptallfiles3@india.com' Trojan may be hosted on pages with a valid digital certificate, which makes its detection a bit harder. We have received reports that the distribution network that supports the 'Decryptallfiles3@india.com' Ransomware may involve compromised portals and legitimate ad networks. When the 'Decryptallfiles3@india.com' Ransomware invades a system, the Trojan arrives in an encrypted package, which is unpacked with the help of a VBS script. After the payload is saved to the PC, the Trojan is executed immediately, and a scan procedure is imitated. The 'Decryptallfiles3@india.com' Ransomware scans for connected drives including removable drives and builds a list of files that are suitable for encryption.

The 'Decryptallfiles3@India.com' Ransomware is Known to Target Documents and Images Primarily

Security researchers note that the 'Decryptallfiles3@india.com' Ransomware is not very different from the 'Orgasm@india.com' Ransomware and the 'Nomoneynohoney@india.com' Ransomware. The 'Decryptallfiles3@India.com' Trojan uses an AES-256 cipher to encode photos, spreadsheets, presentations, databases and text files. The crypto-threat at hand is programmed to add the '.decryptallfiles3@india.com' extension to enciphered files. For example, 'Pickerelweed.jpeg' is transcoded to 'Pickerelweed.jpeg.decryptallfiles3@india.com' and a ransom notification is presented within an HTA application on the desktop. The notification reads:

'YOUR FILES HAVE BEEN ENCRYPTED!
Your files have been been encrypted with a powerful strain of a virus called ransomware. Your files are encrypted using rsa encryption, the same standard used by the military and banks. It is currently impossible to decrypt files encrypted with rsa encryption.
Lucky for you, we can help. We are willing to sell you a decryptor UNIQUELY made for your computer (meaning someone else's decryptor will not work for you). Once you pay a small fee, we will instantly send you the software/info necessary to decrypt all your files, quickly and easily.
In order to get in touch with us email us at Decryptallfiles3@india.com. In your email write your personal ID (its located at the up of the page, it is a string of random characters). Once we receive your personal ID, we will send you payment instructions.'

The Team Behind the 'Decryptallfiles3@India.com' Ransomware Welcomes Payments via Bitcoins

Computer users that were compromised by the 'Decryptallfiles3@India.com' Ransomware may not have access to backups and may consider paying the ransom. Bitcoin allows for a secure and anonymous transaction between two parties and makes tracking the threat actors rather difficult. Moreover, you are not likely to be provided with a decryptor because the aim of ransomware operators is to infect as many computers as possible and wait for users to make payments. Experts recommend using backup images and archives to recover your data safely. It is worth looking into services like Google Drive and Dropbox, which offer free cloud storage to users that wish to secure their data. You might want to incorporate a credible anti-malware scanner into your OS and prevent threats like the 'Decryptallfiles3@India.com' Ransomware from being installed.
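To scope a restore from backup, the appended '.decryptallfiles3@india.com' extension described above can be used to inventory affected files. The following Python sketch is an added example, not part of the original write-up; the function names and the sample folder it builds are assumptions made for illustration, and it only lists files, it does not decrypt anything.

```python
import tempfile
from collections import Counter
from pathlib import Path

# Extension the page says is appended to encrypted files; matched case-insensitively.
MARKER = ".decryptallfiles3@india.com"


def original_name(filename):
    """Return the pre-encryption name if filename carries the marker, else None."""
    if filename.lower().endswith(MARKER) and len(filename) > len(MARKER):
        return filename[: -len(MARKER)]
    return None


def inventory(root):
    """List renamed files under root, where each should be restored to, and
    whether a file with the original name already sits beside it ("restored")."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        orig = original_name(path.name) if path.is_file() else None
        if orig is None:
            continue
        target = path.with_name(orig)
        hits.append({"encrypted": path, "restore_to": target,
                     "type": Path(orig).suffix.lower() or "(none)",
                     "restored": target.exists()})
    return hits


def summarize(hits):
    """Count affected files per original type and how many still need restoring."""
    by_type = Counter(h["type"] for h in hits)
    return dict(by_type), sum(1 for h in hits if not h["restored"])


def build_sample_tree():
    """Constructed sample data: a temp folder mimicking the renaming pattern."""
    root = Path(tempfile.mkdtemp(prefix="triage_sample_"))
    (root / "docs").mkdir()
    for rel in ["Pickerelweed.jpeg" + MARKER, "docs/budget.xlsx" + MARKER,
                "docs/notes.txt.Decryptallfiles3@India.com", "docs/notes.txt",
                "untouched.pdf"]:
        (root / rel).write_bytes(b"constructed sample")
    return root


if __name__ == "__main__":
    for h in inventory(build_sample_tree()):
        print(h["encrypted"].name, "->", h["restore_to"].name, "restored:", h["restored"])
```

Point `inventory()` at a mounted copy of the affected volume rather than the live system, and compare the `restore_to` paths against the backup catalogue.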