InducVirus Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: November 20, 2018
Last Seen: March 6, 2020
OS(es) Affected: Windows

The InducVirus Ransomware is an encryption ransomware Trojan based on an open source ransomware platform. Like most encryption ransomware Trojans, the InducVirus Ransomware is designed to make the victims' files inaccessible by encrypting their contents and then demanding a ransom payment in exchange for a decryption key. Malware researchers first received reports of the InducVirus Ransomware on November 11, 2018, and it is also known as the Delphi Ransomware.

You Cannot Access the Files Compromised by the InducVirus Ransomware

The InducVirus Ransomware uses AES-256 encryption to make the victim's files inaccessible. It targets user-generated files, which may include a wide variety of documents and media file types. Threats like the InducVirus Ransomware target the files listed below in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Apart from encrypting the victim's files, the InducVirus Ransomware deletes the Shadow Volume Copies of the target's files, as well as the System Restore points. These two elements could be used to restore the data encrypted by these attacks, and encryption ransomware Trojans usually remove them.

The InducVirus Ransomware’s Ransom Demand

Files encrypted by the InducVirus Ransomware can be identified easily because the InducVirus Ransomware adds the file extension '.FilGZmsp' to each file encrypted by the attack. Once the victim's files have been encrypted, the InducVirus Ransomware displays a program window with the title 'sobachka' that contains the following text:

'You files have been encrypted using RC6 Algorythm.
For decrypt contact to adren.kutospov.97@tutanota.com
You have a 10 hours to contact us.
If your contacts after 10 hours - your files has flushed to toilet!
[Okay!|BUTTON]
[Im fucking faggot! PLEASE DELETE MY SYSTEM!|BUTTON]'

It is clear that the InducVirus Ransomware was created by Russian speakers, both from the use of the word 'sobachka' (Russian for 'dog') and from various aspects of its code.

Protecting Your Data from Threats Like the InducVirus Ransomware

The best protection against threats like the InducVirus Ransomware is to have file backups. Having file backups ensures that computer users can recover from the InducVirus Ransomware attacks and similar infections after their files have been compromised. Apart from file backups, computer users should use a security program to protect their data from the InducVirus Ransomware and similar threats. By combining security software and file backups, computer users can recover from most ransomware attacks or prevent the threats from being installed in the first place. Unfortunately, the files encrypted by the InducVirus Ransomware cannot be decrypted without the decryption key, due to the use of AES-256 encryption.
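
When restoring from backups, the '.FilGZmsp' extension mentioned above can be used to inventory what needs to be restored. The following is an added example, not part of the original article: it assumes the extension is appended after the original file name (for example, report.docx.FilGZmsp), and the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".FilGZmsp"  # extension the article says is added to encrypted files


def build_restore_manifest(root):
    """Walk root and list every file that carries the marker extension.

    Returns (entries, by_type). Each entry holds the encrypted path, the
    assumed original path to restore from backup, and whether an
    unencrypted copy is still present; by_type counts original extensions.
    """
    entries, by_type = [], Counter()
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()  # deterministic traversal order
        names = set(files)
        for name in sorted(files):
            # Case-insensitive match, since Windows file systems ignore case.
            if not name.lower().endswith(MARKER.lower()) or len(name) == len(MARKER):
                continue
            original = name[: -len(MARKER)]  # assumption: marker is a suffix
            entries.append({
                "encrypted": str(Path(dirpath) / name),
                "restore_as": str(Path(dirpath) / original),
                "plain_copy_present": original in names,
            })
            by_type[Path(original).suffix.lower() or "(none)"] += 1
    return entries, by_type


def demo():
    # Constructed sample tree; file names and contents are made up.
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("docs/report.docx.FilGZmsp", "docs/notes.txt.FilGZmsp",
                    "docs/notes.txt", "pics/cat.JPG.filgzmsp", "pics/dog.png"):
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"sample")
        entries, by_type = build_restore_manifest(tmp)
        return [(Path(e["encrypted"]).name, e["plain_copy_present"]) for e in entries], dict(by_type)


if __name__ == "__main__":
    hits, counts = demo()
    print(hits, counts)
```

Run build_restore_manifest against a mounted copy of the affected volume rather than the live system, and compare the 'restore_as' paths with the backup catalogue.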