IMI Ransomware

IMI Ransomware Description

The IMI Ransomware is one of the most recently uncovered data-locking Trojans. When malware researchers spotted and studied this Trojan, they found that it is a variant of the notorious Dharma Ransomware. The Dharma Ransomware family was the second most active ransomware family in 2019 and has claimed numerous victims. Most cybercriminals who decide to dabble in the creation and distribution of ransomware threats prefer to borrow the code of already established data-locking Trojans and alter it ever so slightly, instead of building a threat from scratch.

Propagation and Encryption

The propagation method behind the IMI Ransomware has not been revealed yet. Some speculate that the attackers may be using torrent trackers, fraudulent application updates, bogus pirated copies of popular software solutions, and mass spam email campaigns to propagate the IMI Ransomware. The IMI Ransomware aims to cause maximum damage to the infiltrated host, which means that .jpeg, .jpg, .mp3, .mp4, .mov, .doc, .docx, .pdf, .xls, .xlsx, .ppt, .pptx, .rar, and similar file types will be encrypted. By targeting popular file types that are likely to be present on the system of any regular user, the authors of the IMI Ransomware increase their chances of being paid. The IMI Ransomware will apply an encryption algorithm and lock the targeted files. Just like most variants of the Dharma Ransomware, the IMI Ransomware appends a new extension to the locked files, following a certain pattern - '.id-.[imdecrypt@aol.com].IMI.'

The Ransom Note

The IMI Ransomware will proceed to drop a ransom note on the desktop of the user. The ransom message can be found in two files named 'Info.hta' and 'FILES ENCRYPTED.txt.' Authors of ransomware threats often use all caps when naming the files that contain their ransom message, as this makes it more likely for the victim to spot the note and read the message. The creators of the IMI Ransomware do not specify the ransom fee that will be demanded from the victim. However, they provide an email address where they will, presumably, provide the user with more information and instructions.

If the IMI Ransomware has encrypted your data, we would advise you against contacting the authors of this threat. They will try to persuade you to pay the ransom fee but will likely never hold up their end of the bargain. Cyber crooks tend to lose any motivation to cooperate with their victims as soon as they get their hands on the user's cash. This is why you should obtain a reputable anti-virus application that will aid you in removing the IMI Ransomware from your system safely.
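
The appended extension and the two ransom note names described above are enough to scope an incident from a plain file listing. The following Python triage script is an added example, not part of the original write-up: it classifies paths, recovers the original file names, and counts the affected directories and file types. The `triage` function, the sample paths and the `EXAMPLE01` id token are constructed for illustration, and accepting any non-dot text after `id-` is an assumption, since the page shows nothing in that position.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Suffix as printed on the page: '.id-.[imdecrypt@aol.com].IMI'. The page shows
# nothing after 'id-'; accepting any run of non-dot characters there is an assumption.
IMI_SUFFIX = re.compile(
    r"^(?P<orig>.+)\.id-(?P<vid>[^.]*)\.\[imdecrypt@aol\.com\]\.IMI$", re.IGNORECASE)
# Ransom note file names given on the page, compared case-insensitively.
NOTE_NAMES = {"info.hta", "files encrypted.txt"}

def triage(paths):
    """Sort a file listing into renamed files and ransom notes, with impact counts."""
    report = {"encrypted": [], "notes": [], "ids": set(),
              "by_ext": Counter(), "by_dir": Counter()}
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.name.lower() in NOTE_NAMES:
            report["notes"].append(raw)
            continue
        m = IMI_SUFFIX.match(p.name)
        if m is None:
            continue  # not renamed with the IMI pattern
        orig = m.group("orig")  # file name before the appended suffix
        report["encrypted"].append((raw, orig))
        report["ids"].add(m.group("vid"))
        report["by_ext"][PureWindowsPath(orig).suffix.lower()] += 1
        report["by_dir"][str(p.parent)] += 1
    return report

# Constructed sample listing (paths and the id token are made up for the example).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-EXAMPLE01.[imdecrypt@aol.com].IMI",
    r"C:\Users\alice\Documents\notes.docx.id-EXAMPLE01.[imdecrypt@aol.com].IMI",
    r"C:\Users\alice\Pictures\trip.jpg.id-EXAMPLE01.[imdecrypt@aol.com].IMI",
    r"C:\Users\alice\Desktop\Info.hta",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Documents\untouched.pdf",
    r"C:\Users\alice\Documents\IMI-report.docx",
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"{len(r['encrypted'])} renamed files, {len(r['notes'])} ransom notes")
    for d, n in r["by_dir"].most_common():
        print(f"  {n:>3}  {d}")
    print("original types hit:", dict(r["by_ext"]))
```

Feed it the output of a recursive directory listing taken from the affected host or a disk image; the per-directory counts show which shares or profiles need restoring from backup.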
