
GrujaRSorium Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: November 18, 2018
Last Seen: November 18, 2018
OS(es) Affected: Windows

The GrujaRSorium Ransomware is an encryption ransomware Trojan that was first observed on November 11, 2018. The GrujaRSorium Ransomware is typically delivered to the victims via corrupted spam email attachments, often containing documents with embedded macro scripts that download and install the GrujaRSorium Ransomware onto the victim's computer. PC users are advised to take steps to protect their PCs from threats like the GrujaRSorium Ransomware.

How the GrujaRSorium Ransomware Carries Out Its Attack

Once installed, the GrujaRSorium Ransomware will take over the victim's machine and use a strong encryption method to make the victim's files inaccessible. The GrujaRSorium Ransomware is a small file written in Visual Basic. When it deploys its attack, it targets the user-generated files on the victim's computer, encrypts them to take them captive, and then demands a ransom payment. The following are examples of the types of files that threats like the GrujaRSorium Ransomware may target in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The victims are required to contact the criminals via an aol.com email address as soon as their files are encrypted. Computer users can recognize the files encrypted by the GrujaRSorium Ransomware easily because the GrujaRSorium Ransomware will add file extensions such as '.aes,' '.aesed,' and '.GrujaRS' to the data compromised by the GrujaRSorium Ransomware attack. The GrujaRSorium Ransomware changes the infected PC's desktop image into a ransom note that includes text in black, red, and blue over a white background. This ransom note contains the following text message for the victim:

'all your files have been encrypted, if you want to restore it, send 1 encrypted file to it email:
no_restore_it@aol.com
ATTENTION!! You have 1 week to contact us, after 1 week, decrypting has been inposible
* - realy not restore!'
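
The added extensions described above allow a quick triage sweep of a file share or user profile. The following Python script is an added example, not code from the original write-up. It assumes the marker is appended after the original file name (for example report.docx.aes), and its TARGETED set is a constructed subset of the file types listed above.

```python
import os
from collections import Counter

# Extensions the page says are added to encrypted files (compared case-insensitively).
MARKERS = (".aes", ".aesed", ".grujars")
# Constructed subset of the targeted file types listed on the page.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".sql", ".zip", ".txt"}


def classify(filename):
    """Return (confidence, original_ext) for a marked file name, else None."""
    lower = filename.lower()
    for marker in MARKERS:
        if lower.endswith(marker) and len(lower) > len(marker):
            stem = lower[: -len(marker)]
            original_ext = os.path.splitext(stem)[1]
            # '.aes' is also used by legitimate encryption tools, so a bare
            # 'name.aes' is a weak signal; 'name.docx.aes' is a strong one.
            if original_ext in TARGETED or marker == ".grujars":
                return ("high", original_ext)
            return ("low", original_ext)
    return None


def scan(root):
    """Walk root; return (hits, count of high-confidence hits per directory)."""
    hits, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            result = classify(name)
            if result:
                hits.append((os.path.join(dirpath, name), *result))
                if result[0] == "high":
                    per_dir[dirpath] += 1
    return hits, per_dir


if __name__ == "__main__":
    import sys

    hits, per_dir = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, confidence, ext in hits:
        print(f"{confidence:4} {path} (original type: {ext or 'unknown'})")
    # Many high-confidence hits in one directory points to bulk encryption.
    for directory, count in per_dir.most_common(5):
        print(f"{count} high-confidence hits under {directory}")
```

A cluster of high-confidence hits in one directory is a reason to isolate the machine and check backups; isolated low-confidence .aes files are more likely the output of a legitimate encryption tool.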

Dealing with Threats Like the GrujaRSorium Ransomware

Computer users need to ensure that their data is safe from threats like the GrujaRSorium Ransomware. The best protection against this kind of threat is a reliable security application that is fully up-to-date, which can prevent the GrujaRSorium Ransomware from being installed in the first place. However, since the GrujaRSorium Ransomware uses an encryption method that makes the files very difficult to restore, it is important that computer users have backup copies of their data. File backups are the best way to ensure that you can restore your data after it has been compromised by an attack such as the GrujaRSorium Ransomware's. Since the GrujaRSorium Ransomware is typically delivered using corrupted spam email attachments, it is also necessary that computer users learn how to handle this content safely.
