InfinityLock Ransomware

By GoldSparrow in Ransomware

PC security researchers first observed the InfinityLock Ransomware on September 16, 2017. Although it presents itself as an encryption ransomware Trojan, the InfinityLock Ransomware does not encrypt the victim's files. Instead, it displays a ransom note meant to make victims believe that they have been infected by a real encryption ransomware Trojan, and it merely changes the files' extensions, which makes it harder to load or read their contents. The victim's data remains intact after an InfinityLock Ransomware attack. Essentially, the InfinityLock Ransomware takes advantage of the widespread presence of encryption ransomware Trojans to make victims believe that their data was compromised.

How the InfinityLock Ransomware may be Delivered to Victims

The InfinityLock Ransomware can be distributed in various ways. It is currently being distributed through torrent websites and file-sharing networks and websites. The InfinityLock Ransomware may be disguised as a cracked version of Adobe Premiere Pro CC, a popular video editing application. Fake versions of popular software distributed for free on piracy websites are among the most common ways of distributing threats like the InfinityLock Ransomware. Because of this, and because it is not legal, computer users should refrain from using file-sharing websites and other sources of pirated software. This online content has a very high probability of infecting victims' computers with threats like the InfinityLock Ransomware.

Some Details about the InfinityLock Ransomware’s Modus Operandi

The InfinityLock Ransomware runs as 'PremiereCrack.exe' on the victim's computer. It scans the victim's file Registry and creates a random file extension that is added to the victim's files. The attack uses three different executable files named 'encrypt.exe,' 'setinstructions.exe' and 'sendhelp.exe.' The InfinityLock Ransomware displays a bogus command window that contains the following text:

'[Windows Version]
C:\Users\[account name]>encrypt.exe -alldata -randomkeysend -rsa-2048 -alldrives
C:\Users\[account name]>setinstructions.exe -silent -desktop
C:\Users\[account name]>sendhelp.exe -incmd -me'

The above text is clearly meant to make the victim believe that the victim's files were encrypted using RSA 2048 encryption, a strong encryption method associated with various real encryption ransomware Trojans. The InfinityLock Ransomware's initial versions will display the following message as a 'ransom note':

'YOU BECAME A VICTIM OF the InfinityLock Ransomware !
ALL YOUR FILES HAVE BEEN ENCRYPTED
PAY 0.17 BITCOINS TO THIS ADDRESS_
[RANDOM CHARACTERS]'

PC security researchers also have received reports of variants of the InfinityLock Ransomware displaying a longer version of this ransom note, which reads as follows:

'YOU BECAME A VICTIM Of the InfinityLock Ransomware!
ALL YOUR FILES HAVE BEEN ENCRYPTED WITH RSA 2048
DONT TRY TO DELETE ME
FOR EACH TRY TO DO ANYTHING I WILL DELETE FILES
PAY 0.17 BITCOINS TO THIS ADDRESS : 1LSgvYFY7SDNje2MhsmS1FxhqPsbvXEhpE
YOU CAN BUY BITCOINS ON "BLOCKCHAIN.INFO"
SEND YOUR UNIQE ID IN THE DESCRIPTION OF THE BITCOIN PAYMENT
YOU CAN FIND THEM ON YOUR DESKTOP IN "INFINITYLOCK_UNIQEID.TXT"
AFTER THE PAYMENT YOUR FILES WILL BE DECRYPTED!'

Dealing with an InfinityLock Ransomware Infection

The InfinityLock Ransomware demands a ransom of 675 USD in Bitcoins. Affected computer users should avoid paying this ransom, especially since the InfinityLock Ransomware does not encrypt the victim's files. Infected computer users should restore their files by reverting to a previous version using Windows Restore. The affected files can also be renamed manually. It is possible that security providers will release a utility that helps computer users rename their files more conveniently. Fortunately, the InfinityLock Ransomware, unlike the majority of encryption ransomware Trojans that are currently active, makes a lot of threats but does not seem to follow through and encrypt the victims' files. However, this is not always the case, so computer users should have file backups and other protections in place.
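The manual rename described above can be scripted with a check that each file's content really is intact. The following is an added example, not code from the original article or from any security vendor. It assumes the random extension was appended after the original file name; the extension `.xq7k2` and the sample files are constructed placeholders.

```python
import os
import tempfile
from pathlib import Path

# Well-known file signatures, used to confirm content was not modified.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n",
         ".jpg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}

def plan_restore(root, added_ext):
    """Plan renames for files ending in added_ext (assumed appended to the name)."""
    renames, skipped = [], []
    for path in sorted(Path(root).rglob("*" + added_ext)):
        if not path.is_file() or path.name == added_ext:
            continue
        target = path.with_name(path.name[: -len(added_ext)])
        magic = MAGIC.get(target.suffix.lower())
        with path.open("rb") as fh:
            head = fh.read(8)
        if target.exists():
            skipped.append((path, "target name already exists"))
        elif magic is not None and not head.startswith(magic):
            # Header does not match the original type: the content may really
            # have been altered, so leave it for backup-based recovery.
            skipped.append((path, "signature mismatch"))
        else:
            renames.append((path, target))
    return renames, skipped

def apply_restore(renames):
    """Perform the planned renames and return how many files were renamed."""
    for src, dst in renames:
        os.rename(src, dst)
    return len(renames)

def demo():
    """Constructed sample: three renamed files, one with a damaged header."""
    with tempfile.TemporaryDirectory() as tmp:
        ext = ".xq7k2"  # constructed placeholder, not a value from the page
        Path(tmp, "report.pdf" + ext).write_bytes(b"%PDF-1.4 sample")
        Path(tmp, "photo.png" + ext).write_bytes(b"not a png header")
        Path(tmp, "notes.txt" + ext).write_bytes(b"plain text")
        renames, skipped = plan_restore(tmp, ext)
        done = apply_restore(renames)
        names = sorted(p.name for p in Path(tmp).iterdir())
        return done, names, [reason for _, reason in skipped]

if __name__ == "__main__":
    print(demo())
```

Review the output of `plan_restore` before calling `apply_restore`; files reported as a signature mismatch are better recovered from backups than renamed.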