
'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware is an encryption ransomware Trojan that belongs to the RotorCrypt family of ransomware Trojans. The RotorCrypt family has been active for several years but has never attained the prominence of threats such as the Scarab or Jigsaw variants. Nevertheless, the RotorCrypt variants carry out an effective encryption ransomware attack: they take the victim's files hostage, and the '' Ransomware then demands a payment from the victim in exchange for restoring access to the affected data.

The Help Offered by the Criminals may not Be Real

The '' Ransomware spreads mainly through corrupted spam email attachments, often Microsoft Office documents carrying compromised embedded macro scripts. These attachments typically rely on social engineering to trick computer users into downloading and opening the unsafe document; once the document is opened, the '' Ransomware is installed. The threat scans the victim's computer and then uses a strong encryption algorithm on the user-generated files it finds, making them inaccessible. The '' Ransomware searches for a wide variety of file types, including numerous document formats, configuration files, databases, media files, and other commonly used containers of user-generated data. Threats like the '' Ransomware usually target the file types listed below:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '' Ransomware marks each file it encrypts by appending the file extension '!__help2decode@mail.com__.a800' to the file's name. After the victim's files have been compromised, the '' Ransomware demands a ransom payment. To do this, it delivers a ransom note in the form of a text file named 'recovery.instruction.txt.' The note demands that the victim pay a large ransom in Bitcoin and contact the criminals via email for detailed payment instructions.
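The two indicators the article gives, the appended extension marker and the note file name, are enough to sweep a file share or backup snapshot for affected files and recover the original names for restoration. The script below is an added example (not code from the original article or from the RotorCrypt authors). It assumes the marker is appended directly to the original file name, as described above, and it only reads directory listings; the demo tree it builds is constructed for illustration.

```python
"""Read-only indicator sweep for the '!__help2decode@mail.com__.a800' marker
and the 'recovery.instruction.txt' note (added example, not from the article).
Walks a directory tree, lists files carrying the marker, recovers each file's
pre-encryption name, and flags directories that hold the ransom note."""

import os
import tempfile
from pathlib import Path
from typing import Optional

# Indicators named in the article
MARKER_EXT = "!__help2decode@mail.com__.a800"
NOTE_NAME = "recovery.instruction.txt"

# A handful of extensions from the article's target list, used to count hits
TARGETED = {".jpg", ".docx", ".xlsx", ".pdf", ".sql", ".zip"}


def original_name(encrypted_name: str) -> Optional[str]:
    """Return the pre-encryption file name if the marker is present, else None.
    Assumes the marker is appended after the original extension."""
    if encrypted_name.endswith(MARKER_EXT):
        return encrypted_name[: -len(MARKER_EXT)]
    return None


def sweep(root: str) -> dict:
    """Walk `root` without modifying anything and collect indicators."""
    encrypted = []       # (path, recovered original name)
    note_dirs = []       # directories containing the ransom note
    targeted_hits = 0    # encrypted files whose original extension is in TARGETED
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME:
                note_dirs.append(dirpath)
                continue
            orig = original_name(name)
            if orig is not None:
                encrypted.append((os.path.join(dirpath, name), orig))
                if Path(orig).suffix.lower() in TARGETED:
                    targeted_hits += 1
    return {
        "encrypted_files": encrypted,
        "note_dirs": sorted(note_dirs),
        "targeted_hits": targeted_hits,
        "infected": bool(encrypted) or bool(note_dirs),
    }


def build_demo_tree() -> str:
    """Create a constructed directory tree that mimics an affected share."""
    root = tempfile.mkdtemp(prefix="rotor_demo_")
    docs = Path(root, "Documents")
    docs.mkdir()
    (docs / ("report.docx" + MARKER_EXT)).write_bytes(b"\x00" * 16)  # constructed
    (docs / ("budget.xlsx" + MARKER_EXT)).write_bytes(b"\x00" * 16)  # constructed
    (docs / NOTE_NAME).write_text("constructed placeholder note\n")
    pics = Path(root, "Pictures")
    pics.mkdir()
    (pics / ("holiday.jpg" + MARKER_EXT)).write_bytes(b"\x00" * 16)  # constructed
    (pics / "untouched.png").write_bytes(b"\x89PNG")                  # not encrypted
    Path(root, "notes.txt").write_text("clean file\n")
    return root


if __name__ == "__main__":
    result = sweep(build_demo_tree())
    print("infected:", result["infected"])
    print("ransom notes in:", result["note_dirs"])
    for path, orig in result["encrypted_files"]:
        print(f"{path} -> restore as '{orig}' from backup")
```

Running the sweep against a backup snapshot rather than the live host tells you which backup generation predates the encryption; the recovered original names make it straightforward to restore exactly those files.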

Dealing with the '' Ransomware Infection and Protecting Your PC

It may not be possible to decrypt the files encrypted by a ransomware attack like the '' Ransomware. However, the 'Rakhni Decryptor' may succeed in this case, since it has worked against other variants in this ransomware family and there do not seem to be substantial differences between the '' Ransomware and those earlier variants. As with most encryption ransomware Trojans, the best protection is to have the means to restore any files that could become compromised, which removes the criminals' leverage to demand a ransom payment. This is why keeping file backups on an independent device is the best protection against threats like the '' Ransomware.
