Explorer Ransomware

The Explorer Ransomware is an encryption ransomware Trojan, based on the infamous HiddenTear ransomware platform. Like many other encryption ransomware Trojans active currently, the Explorer Ransomware is designed to take the victim's files captive until a ransom is paid. To do this, the Explorer Ransomware uses a strong encryption algorithm to make the victim's files inaccessible. The Explorer Ransomware will then display a ransom note demanding that the victim pays a large ransom to recover the affected files. It is fundamental to take preventive measures against ransomware threats like the Explorer Ransomware since a single infection can mean a significant loss of data, which cannot be recovered once encrypted.

Exploring HiddenTear Codes

PC security analysts first observed the Explorer Ransomware in the second week of July of 2017. The Explorer Ransomware uses a strong encryption algorithm to make the victim's files unreadable. The Explorer Ransomware is based on the HiddenTear open source platform, a ransomware platform that was made public in August 2015 and has, since then, spawned countless ransomware variants. Although HiddenTear was meant for educational purposes as a proof of concept (according to its creator) originally, the easy access to a ransomware platform like HiddenTear has meant that con artists have been able to release countless ransomware Trojans easily, including an Explorer Ransomware infection.

How the Explorer Ransomware Carries out Its Attack

The most common way of delivering the Explorer Ransomware to the victim's computer is through the use of spam email messages. Victims of the Explorer Ransomware will receive an email message with a file attachment. These file attachments may take the form of DOCX files with corrupted macro scripts that download and install the Explorer Ransomware on the victim's computer. Once the Explorer Ransomware has entered the victim's computer, the Explorer Ransomware will use a powerful cipher method to make the victim's files inaccessible. The Explorer Ransomware will display notifications on the victim's computer alerting the victim of the infection. The Explorer Ransomware also will display its ransom note on the victim's computer by changing the Desktop background image into a black background with a white text, as well as dropping text files named 'READ_IT.txt,' which contain the following text message (misspellings and grammar errors are in the original the Explorer Ransomware ransom note):

'Attention,!!!
All Your Documents ,Photos ,Databases And Other Impotant Personal Files Were Encrypted By A Strong Algorithm With Unique Key
To Restore Your Files, Contact Us With Email Address:
decrypter.files@mail.ru
NOTE: If you Email Us in less than 24 hours, you will be paying half the regular price.
Explorer V1.58'

In its attack, the Explorer Ransomware will ensure that the victim cannot use alternate means to recover the affected files. For example, the Explorer Ransomware will delete the Shadow Volume copies of affected files, which are a method that can be used to recover the files affected by the attack.

Dealing with an Explorer Ransomware Infection and Preventing Its Attacks

Unfortunately, since the Explorer Ransomware uses a strong encryption algorithm, it is not possible to recover files affected by the attack currently. Because of this, make sure that you have file backups, which can allow you to recover the files affected by the Explorer Ransomware without needing to pay a ransom. In fact, file backups are the best way to deal with any encryption ransomware Trojan since they undo the whole ransomware strategy, allowing computer users to restore their files easily. Apart from file backups, use a reliable and up-to-date security program to intercept these ransomware Trojans before they can carry out their attacks. Since the Explorer Ransomware and other ransomware Trojans may be delivered using corrupted email attachments, learning how to spot and deal with spam email tactics also is a paramount part of stopping and preventing threat infections like the Explorer Ransomware.