'Drugvokrug727@india.com' Ransomware

By CagedTech in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 7
First Seen: August 24, 2016
OS(es) Affected: Windows

The 'Drugvokrug727@india.com' Ransomware is a ransomware Trojan and a variant of the infamous Troldesh (also known as Shade) ransomware family. It uses an RSA-2048 key (with AES-256 encryption) in its attack, making the files it encrypts completely inaccessible. The 'Drugvokrug727@india.com' Ransomware can be identified easily because, like its many variants, it changes the affected files' extensions to '.xbtl' and appends the contact email address to the file's name. Fortunately, a decryption utility for the 'Drugvokrug727@india.com' Ransomware and other Troldesh variants was released recently. Your PC security provider will be able to assist you in recovering the files encrypted by the 'Drugvokrug727@india.com' Ransomware and other variants of this threat.

How the 'Drugvokrug727@india.com' Ransomware and Similar Trojans may be Delivered

The most common delivery method associated with the 'Drugvokrug727@india.com' Ransomware is the use of corrupted email attachments. These email messages may contain social engineering content designed to trick computer users into believing that the file contains legitimate content, such as a receipt or tracking information for a shipped package. Because of this, never open file attachments contained in unsolicited email messages and always confirm with the source if an email attachment seems suspicious.

An Infection with the 'Drugvokrug727@india.com' Ransomware may be Devastating

The 'Drugvokrug727@india.com' Ransomware and its variants are designed to target all versions of the Windows operating system. It uses a strong encryption method to take the victim's files hostage. As soon as it is installed, the 'Drugvokrug727@india.com' Ransomware changes the affected computer's settings to ensure that it runs automatically whenever Windows starts up. It scans the victim's hard drives in search of files to encrypt. It encrypts files that could have some value while avoiding system files that are necessary for Windows to run (since it needs Windows to remain functional to deliver a ransom note). The 'Drugvokrug727@india.com' Ransomware currently encrypts the following file types:

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt.

The 'Drugvokrug727@india.com' Ransomware drops text files containing its ransom note on the victim's Desktop and in folders where it has encrypted files. These files contain payment information and alert the victims about the attack. There are various messages that have been linked to the 'Drugvokrug727@india.com' Ransomware and its variants. A typical ransom note associated with the 'Drugvokrug727@india.com' Ransomware reads as follows:

Your computer has been encrypted by cryptographically strong algorithm.
All your files are now encrypted. You have only one way to get them back safely – using original decryption tool. Using another tools could corrupt your files, use it on your own risk. To get original decryptor contact us with email. the 'Drugvokrug727@india.com' Ransomware It is in your interest to respond as soon as possible to ensure the restoration of your files, because we won't keep your decryption keys at our servers more than one week in interest of our security.
PS. only in case you do not receive a response from the first email address within 48 hours, please use this alternative email address Johnycryptor@india.com.

File System Details

'Drugvokrug727@india.com' Ransomware may create the following file(s):
#   File Name      MD5                               Detections
1.  Payload00.exe  3ec1f0f804dc58d16a94e6b6f1350f36  7
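
The indicators given on this page (the '.xbtl' extension, the contact address in renamed files, and the MD5 listed above) can be combined into a small triage scan. The following is an added example, not a tool from the page or from any vendor; the function names and the sample file names in demo() are constructed for illustration, and the exact layout of renamed file names is an assumption because the page does not give it.

```python
import hashlib
import os
import tempfile

# Indicators taken from this page.
ENCRYPTED_EXT = ".xbtl"
CONTACT_EMAIL = "drugvokrug727@india.com"
PAYLOAD_MD5 = "3ec1f0f804dc58d16a94e6b6f1350f36"


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root):
    """Return files under root that match the page's indicators."""
    hits = {"encrypted": [], "payload": []}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            lowered = name.lower()
            if lowered.endswith(ENCRYPTED_EXT):
                # Also record whether the contact address is in the name.
                hits["encrypted"].append((path, CONTACT_EMAIL in lowered))
            elif lowered.endswith(".exe"):
                try:
                    if md5_of(path) == PAYLOAD_MD5:
                        hits["payload"].append(path)
                except OSError:
                    continue  # locked or unreadable file: keep scanning
    return hits


def demo():
    """Run the scan over a constructed directory tree (sample data only)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in ("report.docx.Drugvokrug727@india.com.xbtl",  # assumed layout
                     "photo.xbtl", "notes.txt", "setup.exe"):
            with open(os.path.join(docs, name), "wb") as fh:
                fh.write(b"constructed sample content")
        found = triage(root)
        enc = sorted((os.path.basename(p), t) for p, t in found["encrypted"])
        return enc, found["payload"]
```

An MD5 match identifies only the one sample listed on this page; other builds of the same family will hash differently, so an empty "payload" list does not rule out infection.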
