EbolaRnsmwr Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: October 16, 2018
Last Seen: October 16, 2018
OS(es) Affected: Windows

The EbolaRnsmwr Ransomware is an encryption ransomware Trojan that was first observed on October 13, 2018. It is a variant of HiddenTear, an open-source ransomware platform that has been available to criminals since 2015. The EbolaRnsmwr Ransomware is not a sophisticated threat and functions the same way as most encryption ransomware Trojans: these threats are usually designed to make the victim's files inaccessible in an effort to force the victim to pay a ransom in exchange for the return of the affected data.

Ebola Now is Infecting Computer Files

The EbolaRnsmwr Ransomware uses strong encryption algorithms to make the victim's files inaccessible, marking each file it encrypts with the file extension '.101,' which is added to the end of the affected file's name. The EbolaRnsmwr Ransomware targets user-generated files, which may include files with the following extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The EbolaRnsmwr Ransomware then delivers a ransom message to the victim in three ways: it changes the infected computer's desktop image, drops a text file named 'READ_ME.txt' on the infected computer's desktop, and displays a program window on the infected PC. The new desktop image contains the following text:

'YOUR FILE HAVE BEEN ENCRYPTED THIS MEANS YOU
CAN'T USE THEM ANYMORE.
IF YOU WANT YOUR FILES BACK, YOU HAVE TO PAY!
PAYMENT METHODS:
AMAZON GIFTCARD'

The text displayed in the EbolaRnsmwr Ransomware's text file ransom note reads:

'Q:What happened to my Files?
A:Your Files for encrypted, what means you can't use them anymore.
Q: Can I recover my Files?
A:Yes, you can. Follow the Instructons!
Q:Do I have to Pay?
A:Yes, you have. We only accept Amazon Giftcards.!
Q:How I got infected with this?
A:You are prob. very stupid and you tried to download something which is a pirated program.'

Protecting Your Data from Threats Like the EbolaRnsmwr Ransomware

The EbolaRnsmwr Ransomware is commonly delivered via spam email messages or through fake software downloads. Because of this, avoiding spam email content and fake software downloads is essential in protecting your data from threats like the EbolaRnsmwr Ransomware. Furthermore, it is important to use a security program to remove or intercept the EbolaRnsmwr Ransomware before it carries out its attack. However, since the EbolaRnsmwr Ransomware encrypts the files in a way that makes them irrecoverable, the single best measure against these attacks is to have backup copies of your files stored in a safe location that is out of the reach of these threats, such as the cloud or an external memory device.
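The indicators described above (the appended '.101' extension and the 'READ_ME.txt' note) can be checked for during triage. The following is an added example, not part of the original write-up or any vendor tool; the function names, the reduced extension set, and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the write-up above.
MARKER_EXT = ".101"
NOTE_NAME = "READ_ME.txt"
NOTE_PHRASES = ("We only accept Amazon Giftcards", "What happened to my Files")
# Assumption: a small subset of the targeted extensions listed above.
TARGETED = {".jpg", ".png", ".docx", ".xlsx", ".pdf", ".sql", ".txt", ".zip"}


def triage(root):
    """Return (marked_files, ransom_notes) found under root."""
    marked, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(MARKER_EXT):
                # 'budget.xlsx.101' -> inner suffix '.xlsx'; requiring a
                # targeted inner suffix avoids flagging unrelated '.101' files.
                inner = Path(name[: -len(MARKER_EXT)]).suffix.lower()
                if inner in TARGETED:
                    marked.append(path)
            elif name.lower() == NOTE_NAME.lower():
                try:
                    text = path.read_text(errors="replace").lower()
                except OSError:
                    continue  # unreadable file: skip rather than abort the scan
                if any(p.lower() in text for p in NOTE_PHRASES):
                    notes.append(path)
    return sorted(marked), sorted(notes)


def build_sample(root):
    """Constructed sample tree: two marked files, one note, two benign files."""
    root = Path(root)
    (root / "Desktop").mkdir()
    (root / "Docs").mkdir()
    (root / "Docs" / "budget.xlsx.101").write_bytes(b"\x00" * 16)
    (root / "Docs" / "photo.jpg.101").write_bytes(b"\x00" * 16)
    (root / "Docs" / "part.101").write_bytes(b"benign")  # no inner extension
    (root / "Docs" / "READ_ME.txt").write_text("Project readme, nothing unusual.")
    (root / "Desktop" / "READ_ME.txt").write_text(
        "Q:Do I have to Pay?\nA:Yes, you have. We only accept Amazon Giftcards.!\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        hits, found = triage(build_sample(tmp))
        print(len(hits), "marked file(s);", len(found), "ransom note(s)")
```

On a real host, point `triage` at a user profile directory; a benign `READ_ME.txt` or an unrelated `.101` file is not reported.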
