GrujaRSorium Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 1
First Seen: November 18, 2018
Last Seen: November 18, 2018
OS(es) Affected: Windows
The GrujaRSorium Ransomware is an encryption ransomware Trojan that was first observed on November 11, 2018. It is typically delivered to victims through corrupted spam email attachments, often documents with embedded macro scripts that download and install the GrujaRSorium Ransomware onto the victim's computer. PC users are advised to take steps to protect their PCs from threats like the GrujaRSorium Ransomware.
How the GrujaRSorium Ransomware Carries Out Its Attack
Once installed, the GrujaRSorium Ransomware takes over the victim's machine and uses a strong encryption method to make the victim's files inaccessible. The GrujaRSorium Ransomware is a small file written in Visual Basic. Once it deploys its attack, it targets the user-generated files on the victim's computer, encrypts them to take them captive, and then demands a ransom payment. The following are examples of the types of files that threats like the GrujaRSorium Ransomware may target in these attacks:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The victims are required to contact the criminals via an aol.com email address as soon as their files are encrypted. Computer users can easily recognize the files encrypted by the GrujaRSorium Ransomware because it adds file extensions such as '.aes,' '.aesed,' and '.GrujaRS' to the data compromised in the attack. The GrujaRSorium Ransomware changes the infected PC's desktop image into a ransom note that includes text in black, red, and blue over a white background. This ransom note contains the following text message for the victim:
'all your files have been encrypted, if you want to restore it, send 1 encrypted file to it email:
no_restore_it@aol.com
ATTENTION!! You have 1 week to contact us, after 1 week, decrypting has been inposible
* - realy not restore!'
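The appended extensions described above can be used to scope the damage before restoring from backup. The following triage script is an added example, not part of the original article or any EnigmaSoft tool; the `TARGETED` set is an assumed sample taken from the list above, and the function names are hypothetical.

```python
import os
from collections import Counter
from pathlib import Path

# Extensions the page says are appended to encrypted files (lowercased).
MARKERS = {".aes", ".aesed", ".grujars"}
# Small sample of the targeted file types listed on the page (assumed subset).
TARGETED = {".jpg", ".png", ".pdf", ".doc", ".docx", ".xls", ".xlsx",
            ".txt", ".sql", ".zip"}


def classify(name):
    """Return (marker, original_name, confidence), or None if no marker is appended."""
    p = Path(name)
    marker = p.suffix.lower()
    if marker not in MARKERS:
        return None
    original = p.stem                      # name with the appended marker stripped
    inner = Path(original).suffix.lower()  # extension the file had before renaming
    # '.aes' alone is also produced by legitimate encryption tools, so a match is
    # "high" only when a targeted user-file extension sits underneath the marker.
    confidence = "high" if inner in TARGETED else "low"
    return marker, original, confidence


def scan(root):
    """Walk root and return (hits, per_directory_counts) for renamed files."""
    hits, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            result = classify(fname)
            if result is None:
                continue
            marker, original, confidence = result
            hits.append({"path": os.path.join(dirpath, fname), "marker": marker,
                         "original": original, "confidence": confidence})
            per_dir[dirpath] += 1
    return hits, per_dir


if __name__ == "__main__":
    import sys
    found, by_dir = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, count in by_dir.most_common():
        print(f"{count:6d}  {directory}")
    high = sum(1 for h in found if h["confidence"] == "high")
    print(f"{len(found)} renamed files, {high} high confidence")
```

The per-directory counts show which folders need restoring, and the `original` field gives the file name to look for in the backup set.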
Dealing with Threats Like the GrujaRSorium Ransomware
Computer users need to ensure that their data is safe from threats like the GrujaRSorium Ransomware. The best protection against this kind of threat is a reliable, fully up-to-date security application, which can prevent the GrujaRSorium Ransomware from being installed in the first place. However, since the GrujaRSorium Ransomware uses an encryption method that makes the files very difficult to restore, it is important that computer users have backup copies of their data. File backups are the best way to ensure that you can restore your data after it has been compromised by an attack such as the GrujaRSorium Ransomware's. Since the GrujaRSorium Ransomware is typically delivered using corrupted spam email attachments, it is also necessary that computer users learn how to handle this content safely.