
'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware Trojan is an encryption ransomware Trojan and a variant of several preexisting threats; one of the most recent of these is referred to as the '.com File Extension Ransomware.' The '' Ransomware updates various aspects of previous variants in its ransomware family, including new Command and Control servers and encryption methods. At its core, however, the '' Ransomware carries out a typical encryption ransomware attack: it uses a strong encryption algorithm to make victims' files inaccessible and then demands a ransom payment.

How the '' Ransomware Trojan may Affect Your Computer

The '' Ransomware is most commonly delivered to victims via corrupted spam email attachments. Once installed, the '' Ransomware typically poses as a Windows Update program or another legitimate file while it works in the background, using a strong encryption algorithm to make the victim's files inaccessible. The '' Ransomware targets user-generated files, which may include a wide variety of file types, including media files and numerous documents. The '' Ransomware and similar threats target files with the following extensions in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

After encrypting the victim's files, the '' Ransomware delivers its ransom note in the form of a text file named 'FILES ENCRYPTED.txt' and an HTA file named 'Info.hta.' The '' Ransomware's ransom note contains the following text:

'all your data has been locked us
You want to return?
write email'

The HTA file then displays a program window containing the following message:

'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail
Writer this ID in the title of your message: [random characters]
In case of no answer in 24 hours write us to these emails:
You will have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment, we will send you the decryption tool that will decrypt all your files.'

Dealing with the '' Ransomware

Unfortunately, the '' Ransomware attack uses an encryption method that combines elements of two well-known encryption ransomware families: Crysis and Dharma. The '' Ransomware uses a very strong encryption method that makes the files it encrypts completely unrecoverable. This is why the best protection against threats like the '' Ransomware is to have backup copies of all files stored in a safe location. In case of a '' Ransomware infection, the best course of action is to remove the '' Ransomware with a security program and then replace any compromised data from backups.
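
The ransom note file names given above can be used to scope the damage before restoring from backups. The following Python script is an added example, not part of the original article: it sweeps a directory tree for 'FILES ENCRYPTED.txt' and 'Info.hta' and lists the top-level folders that contain them. The function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Ransom note names as given on this page. Compared in lower case because
# Windows file systems treat file names case-insensitively.
NOTE_NAMES = {"files encrypted.txt", "info.hta"}


def find_ransom_notes(root):
    """Map each directory under root to the ransom note names found in it."""
    hits = defaultdict(list)
    # onerror swallows unreadable directories so one access error
    # does not abort the whole sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() in NOTE_NAMES:
                hits[dirpath].append(name)
    return {d: sorted(names) for d, names in hits.items()}


def restore_scope(hits, root):
    """Collapse hit directories to the top-level folders under root."""
    scope = set()
    for directory in hits:
        rel = os.path.relpath(directory, root)
        scope.add("." if rel == "." else rel.split(os.sep)[0])
    return sorted(scope)


def build_sample_tree():
    """Create a constructed directory tree (sample data, not a real case)."""
    root = tempfile.mkdtemp(prefix="triage_")
    sample = [
        "alice/Documents/FILES ENCRYPTED.txt",
        "alice/Desktop/Info.hta",
        "alice/Documents/budget.xlsx",
        "bob/Documents/report.docx",
        "shared/finance/files encrypted.TXT",
    ]
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    hits = find_ransom_notes(root)
    print("restore from backup:", restore_scope(hits, root))
```

A folder with no ransom note is not proof that its files are intact, so the result is a starting point for restore planning rather than a complete inventory.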

