Eternal Ransomware
The Eternal Ransomware is an encryption ransomware Trojan that is used to carry out attacks on computers running the Windows operating system. There is very little to differentiate the Eternal Ransomware from the many other encryption ransomware Trojans active today. The Eternal Ransomware is commonly delivered to victims through spam email attachments, which often exploit vulnerabilities in the Microsoft Office to run embedded macro scripts that download and install the Eternal Ransomware onto the victim's computer. Learning to recognize these tactics and avoiding unsolicited email attachments is essential in stopping attacks like the Eternal Ransomware. Disabling the automatic running of macros can be a small step in ensuring that you do not fall prey to these attacks.
An Attack that can Render Your Files Unusable Eternally
The Eternal Ransomware is virtually identical to most encryption ransomware Trojans active today. The Eternal Ransomware uses the AES 256 encryption to make the victim's files inaccessible by its attack. The Eternal Ransomware targets the user-generated files in its attack while avoiding the Windows system files or applications. The files that threats like the Eternal Ransomware may target in their attacks include:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The Eternal Ransomware will deliver a ransom note and drop a 'decryptor' in the form of a file named 'ETERNAL_RANSOMWARE_DECRYPTOR,' which will be placed on the infected computer's desktop. The Eternal Ransomware also will change the infected computer's desktop wallpaper into a message demanding the payment of a ransom to get their files back to normal. This ransom note is also delivered in a text file named '_YOUR_FILES_GOT_ENCRYPTED_.txt' that is placed on the affected computer's desktop. The whole text of the Eternal Ransomware ransom note reads:
'Hello,
Your files got encrypted by the
ETERNAL _RANSOMWARE
There's no escape until you pay me
Follow the instructions on the decryptor
Good Luck.'
The message delivered to the victim's desktop wallpaper takes the form of red text over a black background that has the following text:
'ATTENTION,
YOUR FILES, DOCUMENTS AND PHOTOS GOT ENCRYPTED
THEY WERE ENCRYPTED WITH RSA-4096, AES256
AND A MILITARY CODE.
YOU CAN'T DECRYPT THEM UNLESS YOU PAY ME 500$
RUN THE ETERNAL DECRYPTOR FOR MORE INSTRUCTIONS
GOOD LUCK.'
Unfortunately, this message is not lying; after the Eternal Ransomware finishes encrypting a file it cannot be recovered. However, paying the amount demanded by the criminals will not bring back the lost data in most of the cases since they will almost never assist in recovering the files and are just as likely to carry out additional attacks or harass the victim in other ways. Furthermore, paying the Eternal Ransomware ransom allows criminals to continue financing these attacks and carrying out more hoaxes like this one in the future.
Protecting Your Data from Threats Like the Eternal Ransomware
The best protection against threats like the Eternal Ransomware is to have file backups readily available, stored on an offline memory device or the cloud. Having these allows victims of the Eternal Ransomware attack to recover their files quickly without needing to negotiate with criminals. A reliable security program also should be used to prevent infections like the Eternal Ransomware from taking hold of your PC.
