Erif Ransomware

By GoldSparrow in Ransomware

Malware researchers have spotted a new data-encrypting threat named Erif Ransomware. This new Trojan belongs to the STOP Ransomware family. This ransomware family is the most active one, with over 200 copies released in 2019 alone. The interest in creating copies of the STOP Ransomware does not appear to diminish in 2020 either.

Propagation and Encryption

File-locking Trojans like the Erif Ransomware are often distributed with the help of phishing emails that target users at random. Usually, the phishing email contains a fraudulent link or a corrupted attachment. Other common infection vectors include fake software updates, malvertising operations, torrent trackers, and bogus social media posts. When the Erif Ransomware compromises a computer, it triggers an encryption process that targets a wide variety of file types. Once the Erif Ransomware has infiltrated your PC, all of your documents, spreadsheets, presentations, images, audio files, videos, archives, and databases will be encrypted and inaccessible. The Erif Ransomware appends a ‘.erif’ extension to the name of every file it encrypts, so a file named ‘rose-gold.mp3’ will be renamed to ‘rose-gold.mp3.erif’ after the encryption process is completed.

The Ransom Note

The Erif Ransomware will drop a file named ‘_readme.txt’ on the victim’s computer. The file contains the ransom message from the creators of the Erif Ransomware. In the ransom note, the attackers state the demanded ransom fee: $980. However, according to the ransom note, users who get in touch with the attackers within 72 hours will receive a 50% discount, which means that they would have to pay $490. The attackers provide two email addresses as a means of contacting them: ‘helpmanager@mail.ch’ and ‘restoremanager@airmail.cc’. The Trojan creators offer to decrypt one file for free, provided that it does not contain valuable data.

There is not much advantage in negotiating with cybercriminals. Even users who pay up are likely to remain empty-handed. This is why it is crucial to install a reputable anti-virus utility that will locate and remove the Erif Ransomware.
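
The indicators described above (the ‘.erif’ suffix, the ‘_readme.txt’ note, and the two contact addresses) can be used to scope the damage on an affected machine. The following Python script is an added example, not code from the original article; the function names `triage` and `demo` and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators quoted in the article above.
ENCRYPTED_SUFFIX = ".erif"
NOTE_NAME = "_readme.txt"
CONTACTS = ("helpmanager@mail.ch", "restoremanager@airmail.cc")


def triage(root):
    """Walk root; list renamed files, ransom notes, and look-alike notes."""
    report = {"encrypted": {}, "notes": [], "unconfirmed_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # 'rose-gold.mp3.erif' -> pre-encryption name 'rose-gold.mp3'
                report["encrypted"][str(path)] = name[: -len(ENCRYPTED_SUFFIX)]
            elif lower == NOTE_NAME:
                text = path.read_text(errors="replace").lower()
                hits = [c for c in CONTACTS if c in text]
                # A _readme.txt without the known addresses is kept apart:
                # it may be benign or belong to a different variant.
                (report["notes"] if hits else report["unconfirmed_notes"]).append(
                    (str(path), hits))
    return report


def demo():
    """Run triage over a constructed directory tree (not real samples)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for d in ("music", "docs"):
            (root / d).mkdir()
        (root / "music" / "rose-gold.mp3.erif").write_bytes(b"\x00constructed")
        (root / "music" / "_readme.txt").write_text(
            "constructed note text, contact helpmanager@mail.ch")
        (root / "docs" / "report.docx").write_bytes(b"untouched")
        (root / "docs" / "_readme.txt").write_text("project notes, unrelated")
        rep = triage(root)
        # Report paths relative to the temp root so results are stable.
        rel = lambda p: Path(p).relative_to(root).as_posix()
        return {
            "encrypted": {rel(p): o for p, o in rep["encrypted"].items()},
            "notes": [(rel(p), h) for p, h in rep["notes"]],
            "unconfirmed_notes": [rel(p) for p, _ in rep["unconfirmed_notes"]],
        }
```

Calling `triage` on a real path returns the same structure with absolute paths; the pre-encryption names it recovers help match affected files against backups.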