
IGotYou Ransomware

By GoldSparrow in Ransomware

PC security researchers first observed the IGotYou Ransomware, an encryption ransomware Trojan, on November 22, 2017. The IGotYou Ransomware is delivered through a spam email campaign: computer users receive emails that seem to come from legitimate sources such as FedEx, DHL, Amazon or PayPal, and the message prompts them to open a file attachment, typically a Microsoft Word document. When the victim opens the file, a malicious script downloads and installs the IGotYou Ransomware onto the victim's computer. The IGotYou Ransomware functions like most encryption ransomware Trojans, using a strong encryption method to make the victim's files inaccessible. This allows the IGotYou Ransomware to take the victim's files hostage, since they can only be recovered with a decryption key that the cybercrooks hold. The IGotYou Ransomware then delivers a ransom note threatening the victim with the permanent deletion of the affected files unless the victim pays a large monetary ransom.

How the IGotYou Ransomware can Get Your Files

PC security researchers suspect that the IGotYou Ransomware is part of a long-term threat campaign, and new variants of the IGotYou Ransomware are likely to appear in the coming weeks. The IGotYou Ransomware targets computer users in South East Asia. Victims of the IGotYou Ransomware attack are asked to pay a ransom of 10,000 rupees in exchange for the decryption key necessary to restore the affected files. This has led PC security researchers to suspect that the people responsible for the IGotYou Ransomware are located in India, and that the intended victims of the attack are located around this region. The IGotYou Ransomware adds the file extension '.iGotYou' to the end of the name of each file it encrypts. During an infection, the IGotYou Ransomware targets a variety of file types, including images, texts, music, and numerous others. The IGotYou Ransomware uses a strong encryption method, a combination of the AES and RSA encryptions, to make the victim's files inaccessible. A few examples of file types that threats like the IGotYou Ransomware target in their attacks include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.

Dealing with an IGotYou Ransomware Infection

After the IGotYou Ransomware encrypts the victim's files, it delivers a ransom note to the victim's machine. Computer users will find a program window titled 'Files Encrypted' that appears on their computers after Windows starts up. This program window asks the victim to pay 10,000 INR using Paytm, a regional online payment method similar to PayPal or Venmo. Paying the IGotYou Ransomware ransom is not recommended. It is very unlikely that the people responsible for the attack will restore the victim's files, and computer users that pay the ransom may be targeted for further attacks because they have shown a willingness to pay. Furthermore, paying the IGotYou Ransomware ransom allows the cybercrooks to continue financing these attacks, developing new encryption ransomware Trojans and carrying out new tactics. Instead of paying the ransom, computer users should restore their files from a backup copy. This is why having file backups on the cloud or an external memory device is the best protection against the IGotYou Ransomware and similar threats.
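To scope a restore from backup, the following added example (not part of the original article) inventories files that carry the appended '.iGotYou' extension, groups them by their original type, and reports the earliest modification time among them. It assumes the modification time reflects when each file was rewritten; the function names and the sample tree of empty files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".igotyou"  # extension named in the article, compared case-insensitively


def inventory(root):
    """Walk root and summarise files whose names end with the marker extension."""
    by_type, affected, earliest = Counter(), [], None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            original = name[: -len(MARKER)]  # file name before the marker was appended
            ext = os.path.splitext(original)[1].lower() or "(none)"
            by_type[ext] += 1
            affected.append(path)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable entry: counted, but no timestamp available
            if earliest is None or mtime < earliest:
                earliest = mtime
    return {"affected": sorted(affected), "by_type": dict(by_type),
            "earliest_mtime": earliest}


def build_sample_tree(root):
    """Constructed sample data: empty files only, with constructed timestamps."""
    names = ["report.docx.iGotYou", "photo.jpg.IGOTYOU", "notes.txt",
             os.path.join("sub", "budget.xlsx.iGotYou"),
             os.path.join("sub", "README.iGotYou")]
    for i, rel in enumerate(names):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
        os.utime(path, (1511400000 + i * 60, 1511400000 + i * 60))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = inventory(tmp)
        print(len(result["affected"]), "affected files:", result["by_type"])
        first = datetime.fromtimestamp(result["earliest_mtime"], tz=timezone.utc)
        print("choose a backup taken before", first.isoformat())
```

Run it against a mounted copy of the affected disk rather than the live system, and pick a backup dated before the reported earliest time.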
