
'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware is an encryption ransomware Trojan, designed to take victims' files hostage to demand a ransom payment. The '' Ransomware was first observed on February 5, 2019, and carries out a typical version of this well-used tactic. The '' Ransomware is delivered via corrupted spam email attachments, like most encryption ransomware Trojans.

How the '' Ransomware Attack Works

The '' Ransomware is a variant of the Phobos Ransomware, a threat that first appeared on October 21, 2017. The '' Ransomware is nearly identical to this threat, but it gives victims at least four contact email addresses and also offers contact via Jabber. The '' Ransomware's attack uses a strong encryption algorithm to make the victims' files inaccessible, targeting user-generated files, such as files with the following extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Once the victim's files have been modified, the '' Ransomware marks them with the file extension ',' which it will add to each affected file's name. The '' Ransomware also demands a ransom payment. To do this, the '' Ransomware delivers a ransom note in the form of a text file named 'Encrypted.txt,' which is dropped on the infected computer. The '' Ransomware ransom note contains the following message:

'All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the email
In case of no answer in 24 hours write us to theese e-mails:
If there is no response from our mail, you can install the Jabber client and write to us in support of or'
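
A defender-side triage sketch for the indicators described above, added here as an example and not part of the original article: given a file listing, it flags directories that hold a note named Encrypted.txt and infers the appended marker extension by counting files whose name still contains a targeted extension before an extra final suffix. The function name, the threshold, the Windows-style paths and the sample listing are assumptions, and the marker is a placeholder because this page does not preserve the real one.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Subset of the targeted extensions listed on this page.
TARGETED = {".jpg", ".png", ".sql", ".docx", ".xlsx", ".pdf", ".zip", ".qbw"}
NOTE_NAME = "encrypted.txt"  # ransom note file name given on this page

def triage(paths, min_hits=3):
    """Return (note_dirs, markers) for an iterable of file paths.

    note_dirs: directories containing a file named like the ransom note.
    markers:   appended final suffix -> number of files whose name still
               carries a targeted extension in front of that suffix.
    min_hits is an assumed threshold that filters one-off names such as
    dump.sql.gz.
    """
    note_dirs = set()
    counts = Counter()
    for raw in paths:
        p = PureWindowsPath(raw)  # accepts both \ and / separators
        if p.name.lower() == NOTE_NAME:
            note_dirs.add(str(p.parent))
            continue
        suffixes = [s.lower() for s in p.suffixes]
        # Pattern of interest: report.docx.<marker>
        if len(suffixes) >= 2 and suffixes[-1] not in TARGETED:
            if any(s in TARGETED for s in suffixes[:-1]):
                counts[suffixes[-1]] += 1
    markers = {m: n for m, n in counts.items() if n >= min_hits}
    return note_dirs, markers

# Constructed sample listing; ".PLACEHOLDER" stands in for the real marker.
SAMPLE = [
    r"C:\Users\a\Docs\Encrypted.txt",
    r"C:\Users\a\Docs\budget.xlsx.PLACEHOLDER",
    r"C:\Users\a\Docs\scan.pdf.PLACEHOLDER",
    r"C:\Users\a\Pics\cat.jpg.PLACEHOLDER",
    r"C:\Users\a\Docs\dump.sql.gz",    # benign double extension
    r"C:\Users\a\Docs\notes.v2.docx",  # untouched document
]

if __name__ == "__main__":
    dirs, found = triage(SAMPLE)
    print("ransom note found in:", sorted(dirs))
    print("suspected marker extensions:", found)
```

A note directory together with a high-count marker is a reason to isolate the host and check backups before anything is deleted or restored.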

Dealing with the '' Ransomware Infection

Computer users should refrain from paying the '' Ransomware ransom or contacting the criminals responsible for the '' Ransomware attack. Instead, they should take strong measures to protect their data from threats like the '' Ransomware. The best protection is to refrain from opening suspicious online material, such as spam email attachments, and to have strong passwords and good security software. Unfortunately, once the '' Ransomware has encrypted the files, they cannot be restored. Therefore, it is essential to have backup copies of your data to be fully protected from ransomware threats like the '' Ransomware. It is important to store these backups in protected locations, out of reach of these Trojans. Having file backups removes the criminals' leverage to demand ransom payments, since the files taken hostage by the '' Ransomware attack can simply be deleted and then replaced with the backup copies.

