Error Ransomware

The ERROR Ransomware is an encryption ransomware Trojan that was first observed in the final week of August 2017. The ERROR Ransomware is a variant in the CryptMix Ransomware family. The ERROR Ransomware receives its name because of how it identifies the files encrypted by its attack: the ERROR Ransomware adds the file extension '.ERROR' to the end of each affected file's name. The ERROR Ransomware carries out a typical encryption ransomware tactic, using a strong encryption algorithm to make the victim's files inaccessible, and then demanding the payment of a ransom in exchange for the decryption key necessary to restore the affected files.

Without a Decryption Key It is not Possible to Recover the Encrypted Files

The ERROR Ransomware will target the user-generated files. These include audio, video, photos, texts, databases, spreadsheets, and files associated with commonly used software such as Adobe Acrobat, Microsoft Office, WinRAR, and numerous others. Once the ERROR Ransomware has encrypted the files, the victim will no longer be able to access their contents. To recover access to the infected files, a decryption key is required, which its perpetrators hold in their possession. The people responsible for the ERROR Ransomware demand the payment of a ransom from the victim in exchange for the decryption key necessary to recover the affected files.

How the ERROR Ransomware Attack Works

The people responsible for the ERROR Ransomware deliver it to their victims using spam email messages with an attachment that takes the form of a Microsoft Word file. This file includes corrupted macro scripts that download and install the ERROR Ransomware onto the victim's computer. Once the ERROR Ransomware is installed, it scans the victim's computer for eligible files and encrypts them using the AES 256 encryption. The ERROR Ransomware then uses the RSA encryption to encrypt a key generated with the AES 256 algorithm, making it impossible to recover the encrypted files. The ERROR Ransomware renames the affected files by replacing the files' names with 34 random characters and adding the file extension '.error' to the end of each affected file. The files encrypted by the ERROR Ransomware attack will not be accessible and will show up on Windows as blank icons. There are three different email accounts associated with the people responsible for the ERROR Ransomware: 'error01@msgden.com,' 'error02@webmeetme.com,' and 'errorout@protonmail.com' where the con artists will communicate with the victims of the attack.

The ERROR Ransomware and Its Ransom Note

The ERROR Ransomware will deliver a ransom note to the victim as soon as it finishes encrypting the targeted files. This ransom note, named '_HELP_INSTRUCTION.txt,' is dropped on the infected computer's desktop. The ERROR Ransomware ransom note contains the following text:

'Hello!
Attention! All Your data was encrypted!
For specific informartion, please send us an email with Your ID number:
error01@msgden.com,
error02@webmeetme.com
error03@protonmail.com
We will help You as soon as possible!
DECRYPT-ID-[8 CHARACTERS]-[4 CHARACTERS]-[4 CHARACTERS]-[4 CHARACTERS]-[12 CHARACTERS] number

PC security researchers strongly advise computer users not to contact the people responsible for the ERROR Ransomware attack. It is not probable that these people will deliver the decryption key. They are just as likely to ignore the victim, demand more money, or deliver a key that does not work. Even if the victim receives information that allows for the recovery of the affected files, the people responsible for the ERROR Ransomware will use the money to continue financing these attacks. Furthermore, once the victim has demonstrated a willingness to pay, the con artists are likely to target the victim for additional attacks.

Protecting Your Data from the ERROR Ransomware

When it comes to encryption ransomware Trojans, the best approach is to take preventive measures to ensure that your data is protected. The best protection against the ERROR Ransomware and other encryption ransomware Trojans is to have file backups. Having your files backed up on an external memory device or the cloud means that you can recover your files from the backup without having to resort to paying the con artists the ransom that they demand.

SpyHunter Detects & Remove Error Ransomware