IMI Ransomware Description
The IMI Ransomware is one of the most recently uncovered data-locking Trojans. When malware researchers spotted and studied this Trojan, they found that it is a variant of the notorious Dharma Ransomware. The Dharma Ransomware family was the second most active ransomware family in 2019 and has claimed numerous victims. Most cybercriminals who decide to dabble in the creation and distribution of ransomware threats prefer to borrow the code of already established data-locking Trojans and alter it ever so slightly, instead of building a threat from scratch.
Propagation and Encryption
The propagation method of the IMI Ransomware has not been revealed yet. Some speculate that the attackers may be using torrent trackers, fraudulent application updates, bogus pirated copies of popular software solutions, and mass spam email campaigns to propagate the IMI Ransomware. The IMI Ransomware aims to cause maximum damage to the infiltrated host, which means that files with extensions such as .jpeg, .jpg, .mp3, .mp4, .mov, .doc, .docx, .pdf, .xls, .xlsx, .ppt, .pptx, .rar, etc. will be encrypted by this Trojan. By targeting popular file types that are likely to be present on the system of any regular user, the authors of the IMI Ransomware increase their chances of being paid. The IMI Ransomware will apply an encryption algorithm and lock the targeted files. Just like most variants of the Dharma Ransomware, the IMI Ransomware appends a new extension to the locked files, following a certain pattern - '.id-
The Ransom Note
The IMI Ransomware will proceed to drop a ransom note on the desktop of the user. The ransom message can be found in two files named 'Info.hta' and 'FILES ENCRYPTED.txt'. Authors of ransomware threats often use all caps when naming the files that contain their ransom message, as this makes it more likely for the victim to spot the note and read the message. The creators of the IMI Ransomware do not specify the ransom fee that will be demanded from the victim. However, they provide an email address where they will, presumably, provide the user with more information and instructions.
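A triage check built from the indicators described above (the two ransom note file names and the '.id-' start of the appended extension), added here as an example and not taken from the original page or from any vendor tool. The function names and the sample directory tree are constructed for illustration, and only the '.id-' prefix is matched because the rest of the pattern is not given.

```python
import os
import tempfile

# Ransom note file names as given in the description above (compared case-insensitively).
RANSOM_NOTE_NAMES = {"info.hta", "files encrypted.txt"}
# Only the start of the appended extension is given ('.id-'); nothing more is assumed.
# A substring match can flag unrelated files, so treat hits as leads for review.
EXTENSION_MARKER = ".id-"


def scan_for_indicators(root):
    """Walk `root` and return (ransom_notes, renamed_files) as sorted path lists."""
    notes, renamed = [], []
    # onerror swallows unreadable directories so one access failure does not stop triage.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lowered = name.lower()
            full = os.path.join(dirpath, name)
            if lowered in RANSOM_NOTE_NAMES:
                notes.append(full)
            elif EXTENSION_MARKER in lowered:
                renamed.append(full)
    return sorted(notes), sorted(renamed)


def summarize_by_directory(renamed):
    """Count flagged files per directory to show which folders were hit."""
    counts = {}
    for path in renamed:
        folder = os.path.dirname(path)
        counts[folder] = counts.get(folder, 0) + 1
    return counts


def build_constructed_sample(root):
    """Create a constructed directory tree; all file names are made up for the demo."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.docx.id-CONSTRUCTED.sample", "photo.jpg.id-CONSTRUCTED.sample",
                 "notes.txt", "FILES ENCRYPTED.txt"):
        open(os.path.join(docs, name), "w").close()
    open(os.path.join(root, "Info.hta"), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        notes, renamed = scan_for_indicators(tmp)
        print("ransom notes:", notes)
        print("renamed files per folder:", summarize_by_directory(renamed))
```

Run it against a mounted copy or backup of the affected profile rather than the live system, so the scan does not alter file timestamps that matter for later analysis.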
If the IMI Ransomware has encrypted your data, we would advise you against contacting the authors of this threat. They will try to persuade you to pay the ransom fee but will likely never hold up their end of the bargain. Cyber crooks tend to lose any motivation to cooperate with their victims as soon as they get their hands on the user's cash. This is why you should obtain a reputable anti-virus application that will aid you in removing the IMI Ransomware from your system safely.