'.improved File Extension' Ransomware

By GoldSparrow in Ransomware

The '.improved File Extension' Ransomware has the appearance of an encryption ransomware Trojan. The '.improved File Extension' Ransomware and similar threats are designed to make the victim's files inaccessible, using a potent encryption algorithm to render them unusable. The '.improved File Extension' Ransomware then demands the payment of a ransom in exchange for the decryption key needed to recover the affected files. Although it takes all the steps associated with an encryption ransomware Trojan, the '.improved File Extension' Ransomware merely pretends to encrypt the victim's files and does not include an encryption component. Rather, it renames the victim's files, changing their file extension so that the Windows operating system will not recognize their file types. Renaming the affected files with their appropriate extension would restore access to them, since their data is not affected (unlike real encryption algorithms, which alter the affected files' data).

An Improved Ransomware Trojan that is a Fraud

The '.improved File Extension' Ransomware may be distributed using spam email messages. Malware researchers have observed that victims may receive a phishing email message with attached DOCX files. These files will contain embedded macro scripts that download and install the '.improved File Extension' Ransomware on the targeted computer. Spam email messages used to deliver threats like the '.improved File Extension' Ransomware may use social engineering techniques to trick the victim into opening their contents. Since the '.improved File Extension' Ransomware is distributed in this way, learning to recognize these tactics and handling spam email messages safely is essential in preventing attacks involving the '.improved File Extension' Ransomware and numerous other threats.

How the '.improved File Extension' Ransomware Carries out Its Attack

Once the '.improved File Extension' Ransomware is installed, this ransomware Trojan will scan the victim's computer for certain files and rename them. The '.improved File Extension' Ransomware was first observed on March 10, 2018, and it seems clear that it is not meant to be a finished threat, but merely a test or a byproduct of development. The '.improved File Extension' Ransomware does not encrypt the victim's files, despite stating so in its ransom note. It alters only the affected files' extensions and leaves their data unchanged. As its name indicates, the '.improved File Extension' Ransomware adds the file extension '.improved' to each affected file's name. Once the victim's files have been blocked in this way, the '.improved File Extension' Ransomware delivers a ransom note in the form of a text file dropped on the affected computer. This file is named 'UNCRYPT.README' and demands an absurdly high ransom amount (considering that most ransomware Trojans demand payments ranging from 500 to 2000 USD). The text of the '.improved File Extension' Ransomware's ransom note is:

'Your computer has been locked.
To recover your data send $100000 to the bitcoin address : 1Bh5QEhNrwqJT2nEpjYKHRefKuXiSCbTQP
If you do not send money in 96 hours, payment will be increased x2.
After 120 hours all your files, db, mail, backup will be lost forever.
After payment you will receive mail with uncrypt software.
W : tutanota.com
L : merymerime@tutanota.com
P : mPEk*(-_-)*lOL#832'

However, paying the '.improved File Extension' Ransomware ransom is not advised, because it will probably end up benefiting only the con artists.

Dealing with an '.improved File Extension' Ransomware Infection

The '.improved File Extension' Ransomware Trojan itself can be removed with the help of a malware removal program that is fully up-to-date. Once the '.improved File Extension' Ransomware has been removed, the affected files can be renamed individually to recover access. Although this process is tedious, you should remember that in the case of most encryption ransomware Trojans, the encryption algorithm may make the affected files permanently inaccessible. To prevent and combat infections with threats like the '.improved File Extension' Ransomware, you should have an effective security program and file backups.
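
The renaming step described above can be scripted instead of done file by file. The following Python script is an added example, not code from the original article or from any removal tool: it strips the '.improved' suffix after checking each file's leading bytes against the signature its original extension implies. It assumes the suffix was appended to the full original name (for example `report.pdf.improved`); the `MAGIC` table, the function names and the sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

SUFFIX = ".improved"  # extension the page says is added to each file name
# Well-known leading bytes for a few common formats (illustrative subset).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04"}

def classify(path: Path) -> str:
    """Compare the file's first bytes with the signature its original extension implies."""
    magic = MAGIC.get(Path(path.name[:-len(SUFFIX)]).suffix.lower())
    if magic is None:
        return "unknown"  # no signature on record, nothing to compare
    with path.open("rb") as fh:
        return "intact" if fh.read(len(magic)) == magic else "mismatch"

def restore(root: Path, dry_run: bool = True) -> dict:
    """Strip SUFFIX from files under root and return {relative path: action}."""
    report = {}
    for path in sorted(root.rglob("*" + SUFFIX)):
        if not path.is_file() or len(path.name) == len(SUFFIX):
            continue
        target = path.with_name(path.name[:-len(SUFFIX)])
        state = classify(path)
        if state == "mismatch":  # data may really be altered: leave for manual review
            action = "skipped: content does not match extension"
        elif target.exists():    # never overwrite a file that already has that name
            action = "skipped: target name already exists"
        elif dry_run:
            action = f"would rename ({state})"
        else:
            path.rename(target)
            action = f"renamed ({state})"
        report[path.relative_to(root).as_posix()] = action
    return report

def demo() -> dict:
    """Run restore() over constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.pdf.improved").write_bytes(b"%PDF-1.7 constructed")
        (root / "photo.png.improved").write_bytes(b"\x00\x01 not a PNG header")
        (root / "notes.txt.improved").write_bytes(b"constructed text")
        (root / "a.zip.improved").write_bytes(b"PK\x03\x04 constructed")
        (root / "a.zip").write_bytes(b"PK\x03\x04 existing file")
        return restore(root, dry_run=False)

if __name__ == "__main__":
    print(*(f"{name}: {action}" for name, action in demo().items()), sep="\n")
```

`restore()` defaults to a dry run, so the report can be reviewed before any file is renamed; files reported as a mismatch are left untouched for manual inspection.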
