
'f1220@tuta.io' Ransomware

By GoldSparrow in Ransomware

The 'f1220@tuta.io' Ransomware is an encryption ransomware Trojan that belongs to the Scarab family of ransomware. This large family of ransomware Trojans has been active for a couple of years and released a large number of variants throughout 2018 as part of a RaaS (Ransomware as a Service) campaign. The 'f1220@tuta.io' Ransomware variant of the Scarab family is delivered to victims mainly through spam email campaigns that carry corrupted attachments. These attachments, which are executable files from Microsoft Word named 'Initiatives,' download and install the 'f1220@tuta.io' Ransomware.

How the 'f1220@tuta.io' Ransomware Attacks a Computer

The 'f1220@tuta.io' Ransomware executes a characteristic encryption ransomware strike. The 'f1220@tuta.io' Ransomware uses a strong encryption algorithm to make the victim's files inaccessible and then asks for the payment of a ransom in exchange for restoring access to the affected files (essentially taking them hostage). The 'f1220@tuta.io' Ransomware encrypts the victim's files using AES-256 encryption and also renames the affected files, replacing their names with random characters. The following are samples of the types of files, generally user-generated, that threats like the 'f1220@tuta.io' Ransomware target in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The 'f1220@tuta.io' Ransomware's Ransom Note

The 'f1220@tuta.io' Ransomware delivers its ransom note in the form of a text file named 'HOW TO RECOVER ENCRYPTED FILES.txt,' which contains the following message, delivered to the victim:

'Your files are now encrypted!
Your personal identifier: -
All your files have been encrypted due to a security problem with your PC.
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment, we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: f1220@tuta.io, f1220@mail.ee'

Computer users should avoid contacting the criminals via the two offered email addresses. Instead, they should take preemptive steps to ensure that their data is fully protected from threats like the 'f1220@tuta.io' Ransomware.
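The note's file name and the two contact addresses quoted above can serve as indicators when triaging a host or a file share. The following Python sketch is an added example, not code from the original article: it walks a directory tree, reports every file named like the ransom note, and records which contact addresses and which personal identifier it contains. The function names, the sample tree and the identifier 'SAMPLE-ID-0001' are constructed for illustration.

```python
import os
import re
import tempfile

# Indicators taken from the page: note file name and the two contact addresses.
NOTE_NAME = "HOW TO RECOVER ENCRYPTED FILES.txt"
CONTACTS = ("f1220@tuta.io", "f1220@mail.ee")
ID_LINE = re.compile(r"^Your personal identifier:[ \t]*(.*)$", re.MULTILINE)

def scan_for_notes(root, max_bytes=65536):
    """Walk root; return one finding per file named like the ransom note."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME.lower():
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    raw = fh.read(max_bytes)
            except OSError:
                raw = b""  # unreadable file still counts as a name match
            # Assumption: note encoding is unknown; dropping NULs covers UTF-16.
            text = raw.replace(b"\x00", b"").decode("utf-8", errors="replace")
            match = ID_LINE.search(text)
            findings.append({
                "path": path,
                "contacts": [c for c in CONTACTS if c in text.lower()],
                "identifier": match.group(1).strip() if match else None,
                "other_files": len(files) - 1,  # files beside the note
            })
    return findings

def build_sample_tree(root):
    """Constructed sample data: one folder holding a note, one clean folder."""
    hit, clean = os.path.join(root, "Documents"), os.path.join(root, "Pictures")
    os.makedirs(hit)
    os.makedirs(clean)
    note = ("Your files are now encrypted!\nYour personal identifier: SAMPLE-ID-0001\n"
            "Contact us using this email address: f1220@tuta.io, f1220@mail.ee\n")
    with open(os.path.join(hit, NOTE_NAME), "w") as fh:
        fh.write(note)
    for folder, name in ((hit, "kQ3xZp0aB7"), (hit, "Zr81mWc4Lt"), (clean, "cat.jpg")):
        open(os.path.join(folder, name), "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_for_notes(tmp))
```

A name match with an empty `contacts` list is still worth reviewing, since other Scarab variants may reuse the note name with different addresses.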

Protecting Your Data from Threats Like the 'f1220@tuta.io' Ransomware

The best protection against threats like the 'f1220@tuta.io' Ransomware is to have file backups. Computer users must have backup copies of their files stored in the cloud or on an external memory device. Apart from file backups, computer users should use a reliable security program that is fully up-to-date to prevent threats like the 'f1220@tuta.io' Ransomware from being installed on a computer.
