InfinityShadow Ransomware
Threat Scorecard
Threat Level: 80 % (High)
Infected Computers: 552
First Seen: August 15, 2017
Last Seen: June 3, 2021
OS(es) Affected: Windows
The InfinityShadow Ransomware is an encryption ransomware Trojan that runs as 'The_Last.exe' on the victim's computer. Because of this, the InfinityShadow Ransomware has also been known as 'The_Last Ransomware.' PC security analysts have uncovered countless encryption ransomware Trojans like the InfinityShadow Ransomware in the last few years, with the number increasing in 2017. The InfinityShadow Ransomware was first observed in the second week of August 2017 and has characteristics that seem to point to a relationship with the Jigsaw Ransomware family of threats. Both the way the InfinityShadow Ransomware is distributed and its code show certain similarities with Jigsaw, and it is possible that the InfinityShadow Ransomware is a new variant in this ransomware family.
The InfinityShadow Ransomware Uses Telegram to Send Data to Its Controllers
The InfinityShadow Ransomware uses a combination of AES and RSA encryption to make the victim's files inaccessible. Like most ransomware Trojans, the purpose of the InfinityShadow Ransomware is to encrypt the victim's data to make it unusable, essentially taking it hostage. The victim is forced to pay a ransom to recover access to the affected data. The InfinityShadow Ransomware is fairly uncommon in that it connects to its Command and Control servers using Telegram, an anonymous instant messaging service. Through Telegram, the InfinityShadow Ransomware relays information about the affected computer and the encryption used to its controllers. In its attack, the InfinityShadow Ransomware will encrypt user-generated files on shared network directories, all local drives, and external memory devices connected to the infected computer. The files that the InfinityShadow Ransomware encrypts include photos, text documents, audio, video, databases, and file types associated with common applications such as Microsoft Office or MySQL.
The InfinityShadow Ransomware’s Ransom Demand
The InfinityShadow Ransomware will demand a ransom as soon as it finishes encrypting the victim's data. The InfinityShadow Ransomware does this through a ransom note in the form of a text file named 'Important_Read_Me.txt,' which is dropped on the infected computer's desktop. The full text of the InfinityShadow Ransomware's ransom note reads:
'[ID]
.......................END........................
What happened to my computer?
All of your personal files, such as documents, photos, videos, databases and files that you need, have been removed from your secure cryptography.
You need to pay for your personal files to be decrypted.
Maybe you're looking for a way out of the internet to reopen your files. We will endow you no one but us able to reopen your encrypted files!
So what should I do now?
All you need to do is pay the amount requested to our Bitcoin account and then send the personal identification key to our email address.
Why should I trust you?
We are not dishonest users and guarantee the return of all your missing files. To do this, you can decode 2 of your files by sending us free of charge.
Warning:
After this message, you have only 7 days to pay the requested amount of time. After that time, your key will be deleted from our server and you will not be able to access any of your files even if the requested amount is paid and remember any attempts to manipulate your encrypted files by the program.
Miscellaneous or other people may cause the file to be lost.
Pament : 260$
Email : InfinityShadow@Protonmail.com
BitCoin Address : 18vsVuzW7oQLQX2u6UmGw9SzhmGntbEQoJ'
Dealing with the InfinityShadow Ransomware
Fortunately, no payments have been reported to the Bitcoin wallet associated with the InfinityShadow Ransomware. PC security analysts strongly advise not paying the 260 USD sum or contacting the people responsible for this attack. Besides it being very unlikely that they will restore the affected files, paying these ransoms allows them to continue developing threats like the InfinityShadow Ransomware. The best protection against ransomware Trojans like the InfinityShadow Ransomware is to have file backups, which allow computer users to ignore the ransom demand and copy over the backup versions of their files. The InfinityShadow Ransomware itself can be removed easily with a reliable security program.
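A triage sketch for the indicators named on this page: the 'The_Last.exe' process name, the 'Important_Read_Me.txt' note, and the contact details quoted in it. This is an added example, not code from the original write-up; the function names, the two-marker threshold and the sample profile built in `demo()` are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators quoted in the write-up above, lowercased for case-insensitive matching.
NOTE_NAME = "Important_Read_Me.txt".lower()
PROCESS_NAME = "The_Last.exe".lower()
NOTE_MARKERS = tuple(m.lower() for m in (
    "InfinityShadow@Protonmail.com", "18vsVuzW7oQLQX2u6UmGw9SzhmGntbEQoJ",
    "What happened to my computer?"))

def decode_note(raw):
    """Decode note bytes; Windows text files are often UTF-16 with a BOM."""
    codec = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
    return raw.decode(codec, errors="replace")

def score_note(text):
    """Count how many known ransom-note markers appear in the text."""
    lowered = text.lower()
    return sum(marker in lowered for marker in NOTE_MARKERS)

def find_ransom_notes(root, min_score=2):
    """Return (path, score) for note-named files matching >= min_score markers."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower() == NOTE_NAME):
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    score = score_note(decode_note(fh.read(65536)))
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if score >= min_score:
                hits.append((path, score))
    return hits

def suspicious_processes(image_paths):
    """Return paths whose executable name matches the Trojan's image name."""
    return [p for p in image_paths
            if p.replace("\\", "/").rsplit("/", 1)[-1].lower() == PROCESS_NAME]

def demo():
    """Scan a constructed profile: one matching note, one benign namesake."""
    with tempfile.TemporaryDirectory() as root:
        for folder, body in (("Desktop", "What happened to my computer?\nEmail : InfinityShadow@Protonmail.com\n"),
                             ("Documents", "Project notes: update the changelog.\n")):
            os.makedirs(os.path.join(root, folder))
            with open(os.path.join(root, folder, "Important_Read_Me.txt"), "w", encoding="utf-16") as fh:
                fh.write(body)
        return [(os.path.relpath(p, root), s) for p, s in find_ransom_notes(root)]
```

Requiring two content markers keeps a benign file that merely shares the note's name from being flagged; a file name match alone is worth a manual look but is not conclusive.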