Group Ransomware Description
Ransomware threats keep emerging daily, and malware researchers are struggling to keep up with all the new data-locking Trojans that keep popping up. Even shady individuals with little to no experience in the field of cyber crime can develop and distribute their own ransomware threats if they borrow the code of already well-established file-encrypting Trojans and only tweak it a little bit.
Propagation and Encryption
This is precisely the case with the Group Ransomware. Once malware experts spotted this threat, they dissected it and found that it is a variant of the popular Dharma Ransomware. They have not been able to confirm what exact infection vectors are used to propagate the Group Ransomware. Some believe that the likely propagation methods used to spread this ransomware threat are bogus application updates, spam email campaigns, and fake pirated copies of popular software. Regardless of how the Group Ransomware ends up on one's PC, its first job will be to scan the host. The scan is meant to determine the locations of the files that will be marked for encryption. Next, the Group Ransomware will begin locking all the targeted files. Once the Group Ransomware encrypts a file, it will also change its name. The Group Ransomware adds a '.id-
The Ransom Note
When the encryption process is through, the Group Ransomware will drop its ransom note. The note is likely named 'info.hta' or 'RETURN FILES.txt' and states:
All FILES ENCRYPTED "RSA1024"
All YOUR FILES HAVE BEEN ENCRYPTED!!! IF YOU WANT TO RESTORE THEM, WRITE US TO THE E-MAIL firstname.lastname@example.org
IN THE LETTER WRITE YOUR ID, YOUR ID 1E857D00
IF YOU ARE NOT ANSWERED, WRITE TO email:email@example.com
YOUR SECRET KEY WILL BE STORED ON A SERVER 7 DAYS, AFTER 7 DAYS IT MAY BE OVERWRITTEN BY OTHER KEYS, DON’T PULL TIME, WAITING YOUR EMAIL
FREE DECRYPTION FOR PROOF
You can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
When you make sure of decryption possibility transfer the money to our bitcoin wallet. As soon as we receive the money we will send you:
1. Decryption program.
2. Detailed instruction for decryption.
3. And individual keys for decrypting your files.
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
In the note, the authors of the Group Ransomware claim that if the user does not contact them within seven days, their decryption key will be wiped. The creators of the Group Ransomware claim to be willing to unlock one file free of charge (as long as it does not exceed 1MB in size) to prove that they have a functioning decryption key. The attackers fail to mention a specific sum for the ransom fee. It is likely that once the victim gets in touch with them, they will reveal what the ransom fee is and how the user is meant to make the payment. The email address provided is 'firstname.lastname@example.org'.
It is never a good idea to contact shady individuals like the authors of the Group Ransomware. Such people are not to be trusted. A safer approach is to download and install a legitimate anti-virus solution and use it to wipe the Group Ransomware from your system.
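The two host-side indicators the description gives (the ransom note file names 'info.hta' and 'RETURN FILES.txt', and the '.id-' marker inserted into renamed files) are enough for a simple triage scan. The script below is an added example written for this page, not code from the original article or from any vendor; it walks a directory tree and reports matches for both indicators. The hexadecimal victim ID after '.id-' and the sample file names it builds (including the mailbox and trailing extension) are assumptions used only to construct test data, since the page does not state the full renaming pattern.

```python
import os
import re
import tempfile
from pathlib import Path

# Ransom note names stated on the page (compared case-insensitively).
RANSOM_NOTE_NAMES = {"info.hta", "return files.txt"}

# The page states only that ".id-" is added to renamed files; the hexadecimal
# ID that follows it is an assumption based on the victim ID shown in the note.
RENAMED_FILE_RE = re.compile(r"\.id-[0-9A-Fa-f]+")


def scan_for_indicators(root):
    """Walk `root` and collect paths matching either indicator.

    Returns a dict with the ransom notes found, the renamed files found,
    and a `likely_infected` flag that is True only when both appear.
    """
    notes, renamed = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() in RANSOM_NOTE_NAMES:
                notes.append(full)
            elif RENAMED_FILE_RE.search(name):
                renamed.append(full)
    return {
        "ransom_notes": sorted(notes),
        "renamed_files": sorted(renamed),
        "likely_infected": bool(notes) and bool(renamed),
    }


def build_sample_tree(infected=True):
    """Constructed sample data: a temp directory with benign files and,
    when `infected` is True, two renamed files plus both ransom notes.
    File names here are assumed, not copied from a real infection."""
    root = tempfile.mkdtemp(prefix="group_rw_demo_")
    docs = Path(root) / "Documents"
    docs.mkdir()
    (docs / "budget.xlsx").write_bytes(b"benign spreadsheet")
    (docs / "notes.txt").write_text("nothing suspicious here")
    if infected:
        # Assumed pattern: original name + ".id-<ID>.[mailbox].<ext>"
        marker = ".id-1E857D00.[firstname.lastname@example.org].group"
        (docs / ("report.docx" + marker)).write_bytes(b"\x00" * 16)
        (docs / ("photo.jpg" + marker)).write_bytes(b"\x00" * 16)
        (docs / "RETURN FILES.txt").write_text("All FILES ENCRYPTED ...")
        (Path(root) / "info.hta").write_text("<html>ransom note</html>")
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    result = scan_for_indicators(sample)
    print("Ransom notes :", len(result["ransom_notes"]))
    print("Renamed files:", len(result["renamed_files"]))
    print("Likely infected:", result["likely_infected"])
```

Run it against a real share or user profile by calling `scan_for_indicators("/path/to/check")`; requiring both a note and renamed files before raising the flag keeps a stray 'info.hta' from a legitimate application from producing a false alarm on its own.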