IFN643 Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 1
First Seen: October 31, 2016
Last Seen: January 13, 2020
OS(es) Affected: Windows
PC security analysts have received reports of an attack involving the IFN643 Ransomware, a ransomware Trojan that is currently active in the wild. The first instance of the IFN643 Ransomware to be detected was a version that was still in development. No distribution of a version with a working executable file was detected when the IFN643 Ransomware infections were first recorded. Malware researchers viewed the IFN643 Ransomware samples on VirusTotal, Google's platform, where their author had uploaded them. This is a common practice among threat authors, who upload a sample of their attack to find out whether anti-virus programs are capable of detecting it. VirusTotal aggregates the results of multiple anti-virus platforms, which is a great benefit to computer users. However, it is also very useful to threat creators who want to test whether their creations can bypass established protection methods.
The IFN643 Ransomware is Still Under Development
The IFN643 Ransomware is a Trojan infection that carries out a ransomware attack similar to most encryption ransomware Trojans, such as CryptoWall or Locky. However, the IFN643 Ransomware is not yet at that level of sophistication: it is still under development and has not been observed carrying out attacks in the wild. The IFN643 Ransomware is designed to encrypt common files that would have value to most computer users. For example, the IFN643 Ransomware will target documents, media files and databases. The IFN643 Ransomware will scan the victim's computer for files with the following extensions (among many others):
.3GP, .AVI, .BMP, .CSV, .DJVU, .DOCM, .DOC, .EPUB, .DOCX, .FLV, .GIF, .IBOOKS, .JPEG, .JPG, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PNG, .PPT, .PPTX, .PPSX, .RTF, .SWF, .TIFF, .TIF, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML.
Whenever the IFN643 Ransomware finds files with the extensions it is searching for, it encrypts them using a strong encryption algorithm. Files that have been encrypted by the IFN643 Ransomware become inaccessible. Their icons will appear differently in Windows Explorer, and their file extension will have been changed to .the IFN643 (once the IFN643 Ransomware is released, it is likely that its extension will also be changed).
The IFN643 Ransomware delivers a ransom note in the form of a text file dropped on the victim's Desktop. The file is quite short, is named 'the IFN643_Malware_readme.txt' and reads as follows:
'Your most critical files have been encrypted 🙂
Send $1000 in Bitcoin to [random characters] if you need them back.'
It is likely that this is a placeholder message for whatever monetization scheme the authors of the IFN643 Ransomware will wish to use in the future. At the current exchange rate, $1000 USD is about 1.4 Bitcoin, which may be much too expensive for most computer users. In any case, PC security researchers do not recommend that computer users pay the IFN643 Ransomware's ransom. There is no guarantee that the people responsible for the IFN643 Ransomware attack will keep their promise and restore the victim's files. It is equally likely that they will simply ignore the victim or demand an even larger ransom payment.
Dealing with an IFN643 Ransomware Infection
Although the IFN643 Ransomware is not yet active in the wild, dealing with these infections is similar to dealing with other threats of this kind. PC security researchers advise computer users to remove the IFN643 Ransomware with the help of a reliable security program or to wipe the affected computer clean. Files encrypted by the IFN643 Ransomware can be restored from a backup. This is why the best preventive method for the IFN643 Ransomware and other ransomware Trojans is to establish backups of important files. If files are backed up, computer users can simply replace the encrypted copies with backups and avoid having to deal with the IFN643 Ransomware.
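The backup-based recovery described above can be scoped with a short triage script. This is an added example, not code from the original page or from any vendor tool: it compares a backup tree with the live tree for the extensions listed earlier and reports which files are intact, modified, missing, or present only under a changed extension. The function names, directory layout and the `.locked` extension are constructed for illustration.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the page lists as targeted (it notes there are many others).
TARGETED = {"." + e for e in (
    "3gp avi bmp csv djvu docm doc epub docx flv gif ibooks jpeg jpg mkv mov "
    "mp3 mp4 mpg mpeg pict pdf png ppt pptx ppsx rtf swf tiff tif txt vsd wmv "
    "xls xlsx xps xml").split()}

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def triage(backup_root, live_root):
    """Classify each backed-up targeted file by its state in the live tree."""
    backup_root, live_root = Path(backup_root), Path(live_root)
    report, new_exts = {}, Counter()
    for b in sorted(backup_root.rglob("*")):
        if not b.is_file() or b.suffix.lower() not in TARGETED:
            continue
        rel = b.relative_to(backup_root)
        live = live_root / rel
        if live.is_file():
            same = digest(live) == digest(b)
            report[rel.as_posix()] = "intact" if same else "modified"
            continue
        # Name is gone: look for the same stem with a replaced (a.docx -> a.xyz)
        # or appended (a.docx -> a.docx.xyz) extension unknown to the backup.
        folder = live.parent
        hits = [p for p in (folder.iterdir() if folder.is_dir() else [])
                if (p.stem == live.stem or p.name.startswith(live.name + "."))
                and not (backup_root / p.relative_to(live_root)).exists()]
        report[rel.as_posix()] = "renamed" if hits else "missing"
        new_exts.update(h.suffix.lower() for h in hits[:1])
    marker = new_exts.most_common(1)[0][0] if new_exts else None
    return report, marker  # marker: extension shared by most renamed files

def demo():
    """Constructed sample: three backed-up files, two re-extensioned live."""
    root = Path(tempfile.mkdtemp())
    backup, live = root / "backup", root / "live"
    for d in (backup / "docs", live / "docs"):
        d.mkdir(parents=True)
    for name in ("docs/plan.docx", "docs/budget.xlsx", "notes.txt"):
        (backup / name).write_bytes(b"original " + name.encode())
    (live / "notes.txt").write_bytes(b"original notes.txt")        # untouched
    (live / "docs/plan.locked").write_bytes(b"\x00ciphertext")     # replaced
    (live / "docs/budget.xlsx.locked").write_bytes(b"\x00cipher")  # appended
    return triage(backup, live)
```

Every entry not marked "intact" is a candidate for restoring from the backup copy once the machine has been cleaned.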