'grafimatriux72224733@protonmail.com' Ransomware

By GoldSparrow in Ransomware

The 'grafimatriux72224733@protonmail.com' Ransomware is an encryption ransomware Trojan that seems to be designed to target computer users in Russia and regions where Russian is the primary language. However, there is nothing to stop the 'grafimatriux72224733@protonmail.com' Ransomware from being used to carry out attacks on computer users in other locations. The 'grafimatriux72224733@protonmail.com' Ransomware carries out a typical encryption ransomware attack, making the victim's files inaccessible by encrypting their contents and then demanding a ransom payment from the victim in exchange for the return of the compromised data.

How the 'grafimatriux72224733@protonmail.com' Ransomware Carries Out Its Attack

The 'grafimatriux72224733@protonmail.com' Ransomware is designed to use the RSA 2048 encryption to make the victim's files inaccessible. The 'grafimatriux72224733@protonmail.com' Ransomware's attack targets user-generated files and avoids the Windows system files and other data needed to keep the victim's operating system functional (so that the criminals responsible for the 'grafimatriux72224733@protonmail.com' Ransomware can still demand a ransom payment from the victim). The 'grafimatriux72224733@protonmail.com' Ransomware targets numerous media files, documents, configuration data, databases and many other file types. Threats like the 'grafimatriux72224733@protonmail.com' Ransomware usually target the following file types in their attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The 'grafimatriux72224733@protonmail.com' Ransomware attack marks the files it targets with a new string, '.Защищено RSA-2048,' which is added to their file extensions. The 'grafimatriux72224733@protonmail.com' Ransomware tends to avoid data in the Windows and Program Files directories on the targeted computers.

The 'grafimatriux72224733@protonmail.com' Ransomware's Ransom Demands

The 'grafimatriux72224733@protonmail.com' Ransomware demands a ransom payment. The 'grafimatriux72224733@protonmail.com' Ransomware's ransom demand is written in Russian only (most of these threats include multiple languages in their ransom note). The text file that contains the 'grafimatriux72224733@protonmail.com' Ransomware's ransom note is named 'Как все эту шалашкину контору расшифровать.txt.' The criminals offer to decrypt up to five files smaller than 5 MB in this ransom note, to prove that they have the means to help the victims recover their data. The victims are asked to contact the criminals via the email address 'grafimatriux72224733@protonmail.com' and pay an extraordinarily small amount of 50 RUB, or 0.70 USD in Bitcoin. However, computer users are counseled to avoid paying the 'grafimatriux72224733@protonmail.com' Ransomware ransom. The criminals rarely have the intention of helping the victims to recover after the payment is made, and this generally just serves as a way to initiate further malware attacks or demand additional payments from the victim. Although it is usually not possible to recover the data encrypted using the RSA 2048 encryption, it is so poorly implemented in the case of the 'grafimatriux72224733@protonmail.com' Ransomware's attack that some PC security researchers have been successful in recovering files supposedly 'lost' by this infection.
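The marker string and the ransom note name described above are enough to triage a disk or file share for this infection. The following Python sketch is an added example, not code from the original article or from any vendor tool; it assumes the marker is appended as a plain suffix to the original file name, and the helper names (`scan`, `make_sample_tree`) are hypothetical.

```python
import os
import sys
import tempfile
import unicodedata

# Indicators quoted on this page. Treating the marker as a plain suffix
# appended to the file name is an assumption of this example.
MARKER = ".Защищено RSA-2048"
NOTE_NAME = "Как все эту шалашкину контору расшифровать.txt"


def _norm(name):
    """NFC-normalize and casefold so case or encoding variants still match."""
    return unicodedata.normalize("NFC", name).casefold()


def scan(root):
    """Return (marked, notes): marked is [(path, original_name)], notes is [path]."""
    marker, note = _norm(MARKER), _norm(NOTE_NAME)
    marked, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            n, path = _norm(name), os.path.join(dirpath, name)
            if n == note:
                notes.append(path)
            elif n.endswith(marker) and len(n) > len(marker):
                # Strip the suffix to recover the pre-attack file name.
                nfc = unicodedata.normalize("NFC", name)
                marked.append((path, nfc[: -len(MARKER)]))
    return marked, notes


def make_sample_tree():
    """Constructed demo tree of empty files (not real samples)."""
    root = tempfile.mkdtemp()
    docs = os.path.join(root, "docs")
    os.mkdir(docs)
    for name in ("report.docx" + MARKER, "photo.jpg", NOTE_NAME.upper()):
        open(os.path.join(docs, name), "w").close()
    return root


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else make_sample_tree()
    marked, notes = scan(root)
    for path, original in marked:
        print(f"MARKED {path} (was: {original})")
    for path in notes:
        print(f"NOTE   {path}")
```

Run it with a directory path as the only argument; the list of marked files doubles as an inventory of what needs to be restored from backup or handed to a recovery attempt.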
