
Estemani Ransomware

By GoldSparrow in Ransomware

The Estemani Ransomware is a file-locking Trojan that targets a very long list of file types, which ensures maximum damage once it infiltrates a user's system. This data-encrypting Trojan spreads by masquerading as other content, such as pirated applications, game cracks, cheat codes for popular games, and '.zip' archives.

When the Estemani Ransomware compromises a computer, it scans it to locate the file types it will later lock, and then the encryption process takes place. Once the Estemani Ransomware encrypts a file, it renames it by appending the '.estemani' extension to the filename. The Estemani Ransomware then drops a ransom note named 'HOW_DECRYPT_FILES.txt,' which contains the attackers' message:

'Greetings,
We are pleased to announce successful encryption of your machine.
All the hosts in your network have been encrypted with FUD and powerful encryption algorithm(s) - RSA-2048 + Salsa20.
Any attempt to decrypt data by yourself is futile.
Read more:
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
https://en.wikipedia.org/wiki/Salsa20
The cost for decryption begins from 0.75 Bitcoins (BTC) and depends on your business size.
Email address: estemaniii@airmail.cc
HOST ID: XXCLO***
To avail decryption software and service send details about unique HOST ID and the contact email address and Follow the instructions for hassle free decryption process.
Note: The Host ID and Email addresses are unique and private. Any leak of information will result in direct ban to our services.
We won't be responding to any communications about free decryption. We follow simple business policy - No Money! No Decryption.'
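The two artifacts described above, the appended '.estemani' extension and the dropped 'HOW_DECRYPT_FILES.txt' note with its HOST ID and contact address fields, are what an incident responder looks for when triaging a host. The following script is an added example, not code from the original post or from the threat itself; it walks a directory tree, counts renamed files, locates the note, and extracts the victim-specific fields from it. The directory it triages is constructed in a temporary folder for offline testing, and the HOST ID value 'XXCLO-SAMPLE' is a made-up placeholder.

```python
import re
import tempfile
from pathlib import Path

# Indicators from the write-up: the appended extension and the dropped note name.
ESTEMANI_EXT = ".estemani"
RANSOM_NOTE = "HOW_DECRYPT_FILES.txt"
# The two victim-specific fields the note carries, per the text quoted above.
HOST_ID_RE = re.compile(r"HOST ID:\s*(\S+)")
EMAIL_RE = re.compile(r"Email address:\s*(\S+)")


def parse_ransom_note(text):
    """Return the HOST ID and contact address found in a note body (None if absent)."""
    host = HOST_ID_RE.search(text)
    email = EMAIL_RE.search(text)
    return {"host_id": host.group(1) if host else None,
            "email": email.group(1) if email else None}


def triage_tree(root):
    """Walk root and collect encrypted files, note paths and the note's fields."""
    root = Path(root)
    found = {"encrypted_files": [], "notes": [], "host_ids": set(), "emails": set()}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        if path.name.endswith(ESTEMANI_EXT):
            found["encrypted_files"].append(str(path.relative_to(root)))
        elif path.name == RANSOM_NOTE:
            found["notes"].append(str(path.relative_to(root)))
            fields = parse_ransom_note(path.read_text(errors="replace"))
            for key, value in (("host_ids", fields["host_id"]), ("emails", fields["email"])):
                if value:
                    found[key].add(value)
    found["infected"] = bool(found["encrypted_files"] or found["notes"])
    return found


def run_demo():
    """Build a constructed victim tree (not real malware output) in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "docs"
        docs.mkdir()
        (docs / ("report.docx" + ESTEMANI_EXT)).write_bytes(b"\x00" * 16)  # fake ciphertext
        (docs / "notes.txt").write_text("untouched")  # a file the Trojan did not rename
        (Path(tmp) / RANSOM_NOTE).write_text(
            "Greetings,\nEmail address: estemaniii@airmail.cc\nHOST ID: XXCLO-SAMPLE\n")
        return triage_tree(tmp)
```

Pointing triage_tree at a mounted image of a suspect host gives a quick count of affected files and the HOST ID to record in the incident ticket, without touching the encrypted data.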

The creators of the Estemani Ransomware claim to have a working decryption key that will supposedly unlock all the encrypted files. The attackers do not shy away from setting the bar high: they demand at least 0.75 Bitcoin (approximately $7,500 at the time of writing this post). The note also states that if the infected system belongs to a company, the ransom fee will be higher. They provide an email address where the victim can contact them: 'estemaniii@airmail.cc.'

Unfortunately, malware researchers have yet to release a free decryption tool for the Estemani Ransomware. However, we strongly advise against paying the ransom: there is no guarantee that the creators of the Estemani Ransomware will provide a decryption key even after payment. Use a reputable anti-virus software suite to remove the Estemani Ransomware from your system safely. Then, if you have a backup of your data, you can restore your files from it. If you do not, you can attempt to recover some of the files with a third-party data recovery tool.
