Embrace Ransomware

The Embrace Ransomware is an encryption ransomware Trojan that is a variant of a threat that had already been observed by PC security researchers and labeled as the Ever or Everbe Ransomware. The Embrace Ransomware, like its predecessors, is delivered using corrupted spam email attachments, commonly taking the form of documents with enabled macro scripts that download and install the Embrace Ransomware onto the victim's computer. There is very little to differentiate the Embrace Ransomware from the many other encryption ransomware Trojans active currently and, as with most encryption ransomware Trojans, the best protection is to have file backups stored on a safe location such as the cloud or an external memory device.

How the Embrace Ransomware Attack Works

The Embrace Ransomware renames the files encrypted by the attack, and these files will have the file extension '[embrace@airmail.cc].embrace' added to their names. The Embrace Ransomware will use a strong encryption algorithm to encrypt the user-generated files. These user-generated files may include various media files and common document formats. The following are examples of the files that threats like the Embrace Ransomware will target in their attack:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Embrace Ransomware attack happens relatively quickly, and once the victim's files are completely inaccessible, it will be impossible to restore access without the decryption key. The Embrace Ransomware evades detection from anti-virus programs by injecting its code into legitimate memory processes. The Embrace Ransomware uses the RSA and AES encryptions to carry out its attack, making it impossible with current technology to regain access to affected files.

The Embrace Ransomware Ransom Note

The Embrace Ransomware delivers a ransom demand after encrypting the victim's files and takes them hostage. The Embrace Ransomware's ransom note takes the form of a text file named '!=How_recovery_files=!.txt,' which it will drop on the infected computer's desktop. The Embrace Ransomware ransom note contains the following message:

'Hi!
If you want restore your files write on email - embrace@airmail.cc
In the subject write - id-[random characters]

Do not try to recover data, it's wasting your time.
Every 7 days the price doubles.'

The Embrace Ransomware doesn't specify the amount it is asking as a ransom, although it is likely to be several hundred United States dollars, to be paid using Bitcoin. However, computer users should not agree with this and avoid contacting the criminals, since the chances of them delivering a decryption key are close to zero, and there is a high probability of becoming prey to additional tactics or infections after establishing contact.

Preventing Attacks Like the Embrace Ransomware

The main method used by threats like the Embrace Ransomware to be delivered through spam email messages. Because of this, preventive measures are essential. Knowing how to recognize these tactics and stop them from arriving in your email inbox are two essential steps in ensuring that you can protect your data. It is also of greatest importance to be able to restore files encrypted by attacks. The best way to carry out this is to have file backups stored on the cloud or on an external memory device, which allows quick access to the backup copies of the files after the attack.

SpyHunter Detects & Remove Embrace Ransomware