
INDRIK Ransomware

By GoldSparrow in Ransomware

The INDRIK Ransomware is a generic crypto-threat that was reported on January 4th, 2019. Reports from security incidents involving the INDRIK Ransomware suggest that the threat is distributed primarily via spam emails and compromised remote desktop accounts. The INDRIK Ransomware is a relatively simple cyber-threat that is known to apply a custom AES-256 cipher to user-generated files such as photos, downloaded music and video, recently created documents, PDFs and hosted databases. The INDRIK Ransomware has been observed deleting the Shadow Volume snapshots by running commands in the Command Line tool, so the native backup features on Windows are not sufficient to protect your files from it. The threat overwrites the original content with the encrypted data and appends the '.INDRIK' marker to the file name. For example, 'Destiny 2.wmv' is renamed to 'Destiny 2.wmv.INDRIK', and a ransom note called '# HOW TO DECRYPT YOUR FILES #.html' is dropped on the desktop. The message presented by the INDRIK Ransomware includes the following text:

'Dead Line
[Days Hours Minutes Seconds|COUNTDOWN TIMER]
UNIQUE IDENTIFICATOR
[random characters]
What Happened to y Files
All your files have been encrypted using military grade encryption algorithm. Any attempt to decrypt or recovery your files else than use will cause permanent damage to your files. This means you will lose them forever. The only way you can decrypt your files is purchase your unique decryption tool from us.
YOU HAVE ONLY 7 DAYS FOR PURCHASE YOUR DCRYPTION TOOL BEFORE DESTROY ALL YOUR FILES"
It is not advised to use third party tools to decrypt, If we find them you, will forever lose your files.
What is Dead Line?
Its the last time that you have the opportunity to communicate with us.
AFTER THE COUNTDOWN FINISHED, THE LIFETIME OF YOUR FILES WILL GO DOWN TO ETERNAL DEATH
How Can Restore My Files?
For restore your files and return to the normal state. you must send your request to both the address indrlk@tuta.io and indrik@airmail.cc with the same subject.
NOTE THAT ADD THE 'UNIQUE IDENTIFICATOR' IN THE TEXT OF EMAIL OR ATTACH '# HOW TO DECRYPT YOUR FILES #.HTML' FILE TO THE EMAIL
Also, in order to further trust us, we are ready to decrypt a single of your file less than 5 megabytes of size for free.'

The ransomware actors might offer decryption services to users who are willing to write to 'indrik@tuta.io' and 'indrik@airmail.cc'. Note that there is no guarantee that you would receive a decryptor even if you pay an absurd amount of money to the INDRIK Ransomware team. It is safer to clean the compromised device and restore your data from backups kept on portable memory drives and file hosting services. PC users should take a proactive approach to crypto-threats like the INDRIK Ransomware and make backups regularly.
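Before cleaning a device and restoring from backup, it helps to know which folders were hit and when. The following is an added triage example, not part of the original write-up or any vendor tool: it walks a directory tree looking for the two file-system indicators described above (the '.INDRIK' marker and the ransom note name) and reports the affected folders and the oldest marked file. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Indicators taken from the description above, compared case-insensitively.
MARKER = ".indrik"
NOTE_NAME = "# how to decrypt your files #.html"

def scan(root):
    """Walk root and summarise INDRIK artefacts for incident scoping."""
    encrypted, notes, per_dir, stamps = [], [], Counter(), []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower() == NOTE_NAME:
                notes.append(path)
            elif name.lower().endswith(MARKER) and len(name) > len(MARKER):
                # 'Destiny 2.wmv.INDRIK' -> original name 'Destiny 2.wmv'
                encrypted.append((path, name[:-len(MARKER)]))
                per_dir[os.path.relpath(folder, root)] += 1
                stamps.append(os.path.getmtime(path))
    # The oldest modification time among marked files approximates when
    # encryption started; pick a backup taken before that point.
    first = datetime.fromtimestamp(min(stamps), timezone.utc) if stamps else None
    return {"encrypted": encrypted, "notes": notes,
            "per_dir": per_dir, "first_seen": first}

def build_sample_tree(root):
    """Constructed sample data: two marked files, one clean file, one note."""
    layout = {"Videos/Destiny 2.wmv.INDRIK": 1546560000,  # 2019-01-04 00:00 UTC
              "Docs/report.pdf.indrik": 1546560600,
              "Docs/untouched.txt": 1546000000,
              "Desktop/# HOW TO DECRYPT YOUR FILES #.html": 1546561000}
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(b"constructed sample")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = scan(tmp)
        print(len(report["encrypted"]), "marked files,", len(report["notes"]),
              "ransom notes, first marked file at", report["first_seen"])
        for folder, count in report["per_dir"].most_common():
            print(f"  {folder}: {count}")
```

Run it against a mounted copy or forensic image of the affected volume rather than the live system, so that file timestamps are not disturbed.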
