Ims00ry Ransomware

The Ims00ry Ransomware is a data-encrypting Trojan, which was uncovered by malware researchers recently. Often, cybercrooks use popular ransomware threats to base their creations on instead of creating them from scratch. However, the Ims00ry Ransomware does not seem to belong to any of the big ransomware families.

Infecting Your PC

The propagation method employed in the spreading of the Ims00ry Ransomware is not yet known. Some believe that the most popular infection vectors involved in propagating ransomware threats may be at play in the case of the Ims00ry Ransomware too – emails that contain corrupted attachments, fake software updates, and infected pirated applications from unofficial sources. The Ims00ry Ransomware will scan the system as soon as it manages to infiltrate it so it would locate the files, which it is programmed to lock. When this is completed, the Ims00ry Ransomware will start locking the files in question. What is interesting about this ransomware threat is that unlike almost all file-locking Trojans, the Ims00ry Ransomware will not apply an additional extension to the affected files.

The Ransom Note

The next step is dropping a ransom note. The Ims00ry Ransomware’s note is named ‘README.txt.’ It is a very popular practice among ransomware authors to use all caps when giving their ransom notes a name. Having all caps increases the chances of the victim to spot the note and reading the attackers’ message:

’I am sorry!!!
My friend. I want to start my own business, but i have no money.
All your files photos, databases, documents and other important are encrypted with strongest encryption and algorithms RSA 4096, AES-256.
If you want to restore your files payment and write to Telegram bot
Price decrypt software is $50.

Contact Telegram bot:
@Ims00rybot’

Most ransomware creators demand to be contacted via email. However, the individuals behind the Ims00ry Ransomware have opted to use Telegram as the platform for communication with their victims. They give out the Telegram contact @Ims00rybot. The decryption fee required is $50 in the shape of Bitcoin. Transactions via Bitcoin are a preferred method by cybercriminals as this allows them to keep their anonymity and therefore continue their shady activities undetected.

We would recommend you to avoid paying cyber crooks. Not only is there no guarantee that you will receive the decryption key promised, but your cash will go to further fund the criminal operations of these individuals. A safer approach is to download and install a reputable anti-spyware application, which will not only rid you of the Ims00ry Ransomware but also make sure your system remains safe in the future.