'.excuses File Extension' Ransomware

By GoldSparrow in Ransomware

The '.excuses File Extension' Ransomware is an encryption ransomware Trojan that was first reported on April 2nd, 2018. It is a variant of HiddenTear, an open source ransomware platform that has been responsible for numerous ransomware variants in use today. The '.excuses File Extension' Ransomware has no unique features; it is nearly identical to the countless other HiddenTear variants being used to attack computer users. As its name indicates, the '.excuses File Extension' Ransomware marks the files that it takes hostage by adding the file extension '.excuses' to their names.

How Threats Like the '.excuses File Extension' Ransomware Work

Ransomware Trojans like the '.excuses File Extension' Ransomware carry out an attack that involves taking the victim's files hostage. To do this, the '.excuses File Extension' Ransomware uses a strong encryption algorithm to make the victim's files inaccessible. The encrypted files show up as blank icons, and their data cannot be accessed without the decryption key, which the cybercrooks hold in their possession. Threats like the '.excuses File Extension' Ransomware target user-generated files, which may include the following file types:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The '.excuses File Extension' Ransomware marks the files it encrypts by adding a new file extension to their names. It will also delete the Shadow Volume Copies of the affected files and the System Recovery points on the infected computer, to prevent victims from restoring access to their files by these alternate means. The '.excuses File Extension' Ransomware delivers its ransom note as a text file that is dropped in various locations on the infected computer, including the desktop. This file, named 'MESSAGE.txt,' contains the following ransom note message:

'Приобрести декриптор можно до 02.04.2018
Запросить стоимость: excuses@protonmail.com

В ТЕМЕ письма укажите ваш ID: [redacted numbers]
Письма без указания ID игнорируются.

Убедительная просьба не пытаться расшифровать файлы сторонними инструментами.
Вы можете их окончательно испортить и даже оригинальный декриптор не поможет.

Заявки обрабатываются автоматической системой.'

The above message, in Russian, has been translated into English:

'You can buy the decryptor before 04/02/2018
Request cost: excuses@protonmail.com

In the subject of the letter, indicate your ID: [redacted numbers]
Letters without an ID are ignored.

Please do not try to decrypt files with third-party tools.
You can ruin them entirely and even the original decryptor will not help.

Applications are processed by an automated system.'

Dealing with the '.excuses File Extension' Ransomware Infection

PC security researchers counsel computer users to refrain from writing to the con artists' email address or paying the ransom amount. The people associated with these attacks will almost never help the victims recover their files after the attack; they may target them for additional infection or demand more money, or, more often, simply ignore the victims after they have paid the ransom amount. The best protection from the '.excuses File Extension' Ransomware is to have file backups, which allow computer users to restore their files after they have been made unusable by the '.excuses File Extension' Ransomware or another encryption ransomware Trojan.
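
To scope a restore from backup, the indicators named in this article (the appended '.excuses' extension, the 'MESSAGE.txt' note and the contact address inside it) can be swept for on disk. The Python script below is an added example, not part of the original article; its function names, the 64 KB read cap, the sample directory tree and the ID value 1234567 are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

MARKER_EXT = ".excuses"                    # appended to encrypted files (per the article)
NOTE_NAME = "message.txt"                  # ransom note name, compared case-insensitively
NOTE_CONTACT = b"excuses@protonmail.com"   # contact address quoted in the note
ID_PATTERN = re.compile(rb"ID:\s*(\d+)")   # victim ID line; ASCII bytes in UTF-8 or CP1251

def triage(root):
    """Walk root and summarise the file-system indicators described in the article."""
    report = {"encrypted": [], "notes": [], "ids": set(), "by_type": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            if lower.endswith(MARKER_EXT) and len(lower) > len(MARKER_EXT):
                report["encrypted"].append(path)
                # The marker is appended, so the original type is the extension before it.
                original_ext = os.path.splitext(lower[: -len(MARKER_EXT)])[1]
                report["by_type"][original_ext or "(none)"] += 1
            elif lower == NOTE_NAME:
                try:
                    with open(path, "rb") as fh:
                        data = fh.read(64 * 1024)  # notes are short; cap the read
                except OSError:
                    continue  # unreadable file: skip it, keep sweeping
                # Require the contact address so an unrelated MESSAGE.txt is not reported.
                if NOTE_CONTACT in data.lower():
                    report["notes"].append(path)
                    report["ids"].update(m.decode() for m in ID_PATTERN.findall(data))
    return report

def build_sample_tree(root):
    """Constructed sample data: two marked files, one clean file, one note, one decoy."""
    for sub in ("docs", "misc"):
        os.makedirs(os.path.join(root, sub))
    for rel in ("docs/report.docx.excuses", "docs/budget.xlsx.excuses", "docs/clean.pdf"):
        open(os.path.join(root, rel), "wb").close()
    note = "Запросить стоимость: excuses@protonmail.com\nID: 1234567\n"  # constructed ID
    with open(os.path.join(root, "docs", "MESSAGE.txt"), "wb") as fh:
        fh.write(note.encode("utf-8"))
    with open(os.path.join(root, "misc", "MESSAGE.txt"), "wb") as fh:
        fh.write(b"meeting notes, unrelated")  # decoy with the same file name

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

The `by_type` counts show which kinds of documents were hit, and the `encrypted` list gives the paths to restore from backup.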
