The IGAMI Ransomware is a data-locking Trojan that was spotted by researchers recently. It appears that this ransomware threat belongs to the infamous Globe Imposter Ransomware family that has been gaining traction recently.
It is not yet confirmed how the IGAMI Ransomware is being propagated, but it is highly likely that the usual methods may be involved – faux software updates, infected pirated software and spam email campaigns. Once it has landed on your PC, the IGAMI Ransomware starts a scan whose goal is to locate the files that the IGAMI Ransomware is programmed to target. Then, the IGAMI Ransomware begins the encryption process and locks the data. After a file has been encrypted, you may notice that the IGAMI Ransomware has changed its name. The IGAMI Ransomware adds the '.IGAMI' extension to the newly locked files so that, for example, a file with the name 'hand-cream.png' would be renamed to 'hand-cream.png.IGAMI' when this ransomware threat finishes encrypting it.
In the next step of the attack, the IGAMI Ransomware will drop a ransom note. The note is named 'how_to_back_files.html' and, unlike most ransomware notes, is pretty extensive and informative. It starts with an all caps message stating 'YOUR FILES ARE ENCRYPTED' accompanied by two skulls on each side of the sentence. The authors of ransomware are known to use social engineering tactics to scare and pressure their victims into complying with their demands. The creators of the IGAMI Ransomware offer the user to send them one text file or image, which they would decrypt free of charge so that they can prove that they have a decryption tool. The file must be sent to either firstname.lastname@example.org or email@example.com. The victims are then instructed to add their uniquely generated ID in the email they are meant to send. The attackers state that only after the user has gotten in touch with them, they will say what the ransom fee will be. As authors of ransomware threats usually do, the attackers warn that any attempts of recovering the data via third-party software will result in all the permanent loss of the files.
It is never smart to contact cybercriminals. We would advise you not to pay these people because there is no guarantee that they will send you a decryption tool in exchange for your money. A safer approach is to remove the IGAMI Ransomware from your system using a reputable anti-spyware suite.