'everest@airmail.cc' Ransomware

By GoldSparrow in Ransomware

The 'everest@airmail.cc' Ransomware is an encryption ransomware Trojan that was first observed on October 25, 2018. The 'everest@airmail.cc' Ransomware is a variant of the Everbe 2.0 Ransomware, a known encryption ransomware Trojan. There is very little to differentiate the 'everest@airmail.cc' Ransomware from the countless other ransomware Trojans currently being used to carry out attacks on computer users.

Symptoms of an 'everest@airmail.cc' Ransomware Infection

The 'everest@airmail.cc' Ransomware can be distributed in different ways; the most common is through corrupted spam email attachments with embedded macro scripts that download and install the 'everest@airmail.cc' Ransomware onto the victim's computer. Once the 'everest@airmail.cc' Ransomware is installed, it encrypts the victim's files and deletes the original versions, leaving only the encrypted copies on the victim's computer. Encrypted files are marked with the file extension '.[everest@airmail.cc].EVEREST', which is appended to their names. The 'everest@airmail.cc' Ransomware delivers two ransom notes, named 'EVEREST LOCKER.txt' and '新建文本文档.txt'. The English version of the 'everest@airmail.cc' Ransomware's ransom note reads:

'>>> EVEREST LOCKER <<<
HELLO, DEAR FRIEND!
1. [ ALL YOUR FILES HAVE BEEN ENCRYPTED! ]
Your files are NOT damaged! Your files are modified only. This modification is reversible.
The only 1 way to decrypt your files is to receive the decryption program.
2. [ HOW TO RECOVERY FILES? ]
To receive the decryption program write to email: everest@airmail.cc
And in subject write your ID: ID-8272588be0
We send you full instruction how to decrypt all your files.
If you don't get a reply, then contact us using xmpp: decryptors@xmpp.is
3. [ FREE DECRYPTION! ]
Free decryption as guarantee.
We guarantee the receipt of the decryption program after payment.
To believe, you can give us up to 3 files that we decrypt for free.
Files should not be important to you! (databases, backups, large excel sheets, etc.)
>>> EVEREST LOCKER <<<'

The 'everest@airmail.cc' Ransomware attacks seem to be focused on Eastern Asia. The 'everest@airmail.cc' Ransomware targets user-generated files, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
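The indicators described in this section can be turned into a triage pass over an affected volume. The following is an added example, not code from the original page or from any vendor tool: it inventories files carrying the '.[everest@airmail.cc].EVEREST' marker, recovers their original names for restore planning, and confirms ransom notes by content rather than by name alone, because '新建文本文档.txt' is also the default name of a new text file on Chinese-language Windows. The function names, the ID pattern (inferred from the single sample ID in the note above) and the assumption that the notes are readable as UTF-8 text are assumptions.

```python
import os
import re
import tempfile

MARKER_SUFFIX = ".[everest@airmail.cc].EVEREST"      # extension named on this page
NOTE_NAMES = {"EVEREST LOCKER.txt", "新建文本文档.txt"}  # note names named on this page
NOTE_BANNER = ">>> EVEREST LOCKER <<<"                # banner from the quoted note
ID_RE = re.compile(r"ID-[0-9A-Fa-f]+")                # assumed shape, from one sample ID


def triage(root):
    """Return (encrypted, notes, ids) for the tree under root."""
    encrypted, notes, ids = [], [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(MARKER_SUFFIX.lower()):
                # Strip the marker to get the name to look for in backups.
                original = os.path.join(dirpath, name[: -len(MARKER_SUFFIX)])
                encrypted.append((path, os.path.relpath(original, root)))
            elif name in NOTE_NAMES:
                # A matching name is not enough (see lead-in): require the
                # banner text before counting the file as a ransom note.
                try:
                    with open(path, "r", encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536)
                except OSError:
                    continue
                if NOTE_BANNER in text:
                    notes.append(path)
                    ids.update(ID_RE.findall(text))
    return sorted(encrypted), sorted(notes), sorted(ids)


def demo():
    """Triage a constructed sample tree (no real malware artifacts)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        samples = {
            "docs/report.docx" + MARKER_SUFFIX: "ciphertext",
            "docs/untouched.pdf": "plain",
            "EVEREST LOCKER.txt": NOTE_BANNER + "\nyour ID: ID-8272588be0\n",
            "docs/新建文本文档.txt": "shopping list",  # benign file, same name
        }
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        enc, notes, ids = triage(root)
        return [o for _p, o in enc], [os.path.basename(n) for n in notes], ids
```

Run `triage()` against a read-only mount or image of the affected volume; the list of original relative names is what to match against the backup catalogue.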

Protecting Your Data from Threats Like the 'everest@airmail.cc' Ransomware

The best way to ensure that your data is safe from threats like the 'everest@airmail.cc' Ransomware is to have file backups. Computer users that have file backups can easily recover their data after an 'everest@airmail.cc' Ransomware attack. Apart from file backups, a security program should be in place to protect your data.
