IMI Ransomware

The IMI Ransomware is one of the most recently uncovered data-locking Trojans. Once malware researchers spotted and studied this Trojan, they found that it is a variant of the notorious Dharma Ransomware. The Dharma Ransomware family has been the second most active ransomware family in 2019 and has claimed numerous victims. Most cybercriminals who decide to dabble into the creation and distribution of ransomware threats prefer to borrow the code of already established data-locking Trojans and alter it ever so slightly, instead of building a threat from scratch.

Propagation and Encryption

The propagation method behind the spreading of the IMI Ransomware has not been revealed yet. Some speculate that the attackers may be using torrent trackers, fraudulent application updates, bogus pirated copies of popular software solutions, and mass spam email campaigns to propagate the IMI Ransomware. The IMI Ransomware makes sure to cause maximum damage to the infiltrated host, which means that .jpeg, .jpg, .mp3, .mp4, .mov, .doc, .docx, .pdf, .xls, .xlsx, .ppt, .pptx, .rar, etc. will be encrypted by this nasty Trojan undoubtedly. By targeting popular file types that are likely to be present on the system of any regular user, the authors of the IMI Ransomware increase their chances of being paid. The IMI Ransomware will apply an encryption algorithm and lock the targeted files. Just like most variants of the Dharma Ransomware, the IMI Ransomware makes sure to apply a new extension to the locked files, following a certain pattern - '.id-.[imdecrypt@aol.com].IMI.'

The Ransom Note

The IMI Ransomware will proceed to drop a ransom note on the desktop of the user. The ransom message can be found in two files named - 'Info.hta' and 'FILES ENCRYPTED.txt.' Authors of ransomware threats would often use all caps when naming the files that contain their ransom message, as this makes it more likely for the victim to spot the note and read the message. The creators of the IMI Ransomware do not specify the ransom fee that will be demanded from the victim. However, they provide an email address where they will, presumably, provide the user with more information and instructions.

If the IMI Ransomware has encrypted your data, we would advise you against contacting the authors of this threat. They will try to convince you into paying them the ransom fee but will likely never hold up their end of the bargain. Cyber crooks tend to lose any motivation to cooperate with their victims as soon as they get their hands on the user's cash. This is why you should obtain a reputable anti-virus application that will aid you in removing the IMI Ransomware from your system safely.