
Everbe 2.0 Ransomware

By GoldSparrow in Ransomware

The Everbe Ransomware is an encryption ransomware Trojan that has appeared in a couple of versions in 2018. The first version of the Everbe Ransomware was released in March 2018. The most recent version, version 2.0, was released on July 10, 2018. As with most similar ransomware Trojans, the Everbe 2.0 Ransomware is distributed to victims through corrupted spam email attachments, which often take the form of Microsoft Office files with embedded macros that download and install the Everbe 2.0 Ransomware onto the victim's computer.

How the Everbe 2.0 Ransomware Attack is Carried Out

The Everbe 2.0 Ransomware attack is almost the same as the attacks carried out by many other encryption ransomware Trojans that are currently active. The Everbe Ransomware makes the victim's files inaccessible by encrypting them with AES-256 and RSA encryption. The Everbe 2.0 Ransomware targets user-generated files, including numerous documents, databases and media files. Some of the many file types that threats like the Everbe 2.0 Ransomware encrypt in these attacks include:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The Everbe 2.0 Ransomware marks the affected files with the file extension '.[eV3rbe@rape.lol].eV3rbe', which is appended to the end of each affected file's name.

The Everbe Ransomware’s Ransom Demand

Once the Everbe Ransomware has encrypted the victim's files, it delivers a ransom note in a text file named '!_HOW_RECOVERY_FILES_!.txt', which is dropped on the infected computer's desktop. The full text of the Everbe Ransomware ransom note reads:

'HELLO, DEAR FRIEND!

1.[ ALL YOUR FILES HAVE BEEN ENCRYPTED! ]
Your files are NOT damaged! Your files are modified only. This modification is reversible.
The only 1 way to decrypt your files is to receive the decryption program.

2.[ HOW TO RECOVERY FILES? ]
To receive the decryption program write on our e-mail: eV3rbe@rape.lol
And in subject write your ID: ID-[redacted 6 hex char]
We send you full instruction how to decrypt all your files.

3.[ FREE DECRYPTION! ]
Free decryption as guarantee.
We guarantee the receipt of the decryption program after payment.
To believe, you can give us up to 3 files that we decrypt for free.
Files should not be important to you! (databases, backups, large excel sheets, etc.)'

The Everbe Ransomware's ransom note contains instructions that victims are supposed to follow to recover their data. However, these instructions should be ignored entirely.
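The appended file extension and the ransom note name described above are enough to scope an infection on disk during incident response. The following read-only triage script is an added example, not part of the original article: the function names `triage` and `build_sample_tree`, the sample directory tree and the ID value are constructed for illustration, and it assumes the note's ID is six hexadecimal characters, as the redaction in the note indicates.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators taken from this page.
MARKER = ".[eV3rbe@rape.lol].eV3rbe"      # suffix appended to encrypted files
NOTE_NAME = "!_HOW_RECOVERY_FILES_!.txt"  # ransom note file name
# Assumption: the note's ID is "ID-" plus six hex characters (redacted on the page).
ID_RE = re.compile(r"\bID-([0-9A-Fa-f]{6})\b")


def triage(root):
    """Walk root and summarise Everbe 2.0 artefacts without modifying anything."""
    report = {"encrypted": [], "notes": [], "victim_ids": set(), "by_type": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name == NOTE_NAME:
                report["notes"].append(str(path))
                text = path.read_text(errors="replace")
                report["victim_ids"].update(m.upper() for m in ID_RE.findall(text))
            elif name.endswith(MARKER) and len(name) > len(MARKER):
                original = name[: -len(MARKER)]  # file name before encryption
                ext = Path(original).suffix.lower() or "(none)"
                report["encrypted"].append((str(path), original))
                report["by_type"][ext] = report["by_type"].get(ext, 0) + 1
    return report


def build_sample_tree(root):
    """Constructed sample data: a tiny tree mimicking an affected user profile."""
    root = Path(root)
    (root / "Desktop").mkdir()
    (root / "Documents" / "db").mkdir(parents=True)
    (root / "Desktop" / NOTE_NAME).write_text(
        "And in subject write your ID: ID-a1b2c3\n")  # constructed ID value
    for rel in ("Documents/report.docx", "Documents/db/sales.sqlite",
                "Documents/budget.xlsx"):
        (root / (rel + MARKER)).write_bytes(b"\x00" * 16)
    (root / "Documents" / "untouched.txt").write_text("clean")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        print(len(result["encrypted"]), "encrypted files;", result["by_type"])
        print("notes:", result["notes"], "IDs:", sorted(result["victim_ids"]))
```

The per-extension counts show which data types were hit, which helps decide which backups need to be restored first.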

Protecting Your Data from Threats Like the Everbe 2.0 Ransomware

The best protection against threats like the Everbe 2.0 Ransomware is to have file backups stored on an external device. Being able to restore the files compromised by the Everbe 2.0 Ransomware from a backup copy lets computer users recover their data and is the best way to ensure that the data stays safe. A trustworthy, fully up-to-date security program should be used to remove the Everbe 2.0 Ransomware infection itself.
