
Infovip@airmail.cc Ransomware

By GoldSparrow in Ransomware

PC security researchers are receiving reports of a variant in the Scarab family of ransomware known as the 'Infovip@airmail.cc' Ransomware. The criminals responsible for the Scarab family have allowed third parties to customize their code and release new versions of the threat, and the 'Infovip@airmail.cc' Ransomware is just one of many such versions currently being used in attacks. Given the high number of attacks and variants observed between April and July of 2018, it is possible that the Scarab Ransomware is being offered as a builder kit or as part of a RaaS (Ransomware as a Service) platform.

How the 'Infovip@airmail.cc' Ransomware Attacks a Computer

The 'Infovip@airmail.cc' Ransomware is initially delivered to the victim's computer through corrupted DOCX files with embedded macro scripts, which are commonly attached to spam email messages. Once the 'Infovip@airmail.cc' Ransomware has been installed, it runs stealthily to encrypt the victim's files. It deletes the Shadow Volume Copies of the victim's files and the System Restore points, so that the victims cannot recover their files by those means. The 'Infovip@airmail.cc' Ransomware scans the infected computer for user-generated files and then uses AES and RSA encryption to make them inaccessible. Threats like the 'Infovip@airmail.cc' Ransomware may target the file types below in their attacks:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.
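The two behaviours described above, a macro-laden Office document spawning a shell and the subsequent removal of Shadow Volume Copies and restore points, both show up in process-creation telemetry before any file is encrypted. The script below is an added example, not code from the original page or from the Scarab authors: it runs a handful of detection rules over constructed process-creation log lines (timestamp|host|parent|command line) and flags hosts where several backup-tampering commands fire. The specific commands matched (vssadmin, wmic shadowcopy, bcdedit, wbadmin) are the usual ways Windows ransomware deletes shadow copies and disables recovery; the page does not state which of them this variant uses, so treat the rule set as an assumption to tune against your own telemetry.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample process-creation events (not from the original page).
# Format: timestamp|host|parent process|command line
SAMPLE_LOG = r"""
2018-06-12T09:14:02Z|WS-17|WINWORD.EXE|cmd.exe /c "C:\Users\Public\invoice.exe"
2018-06-12T09:14:05Z|WS-17|invoice.exe|vssadmin.exe delete shadows /all /quiet
2018-06-12T09:14:06Z|WS-17|invoice.exe|wmic.exe shadowcopy delete
2018-06-12T09:14:07Z|WS-17|invoice.exe|bcdedit.exe /set {default} recoveryenabled no
2018-06-12T09:14:08Z|WS-17|invoice.exe|wbadmin.exe delete catalog -quiet
2018-06-12T10:02:11Z|WS-03|explorer.exe|vssadmin.exe list shadows
2018-06-12T10:30:00Z|WS-03|explorer.exe|notepad.exe C:\report.txt
"""

# Office applications that should not normally spawn a command interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = re.compile(r"^(cmd|powershell|pwsh|wscript|cscript|mshta|rundll32)(\.exe)?\b", re.I)

# Commands commonly used to destroy local recovery options (assumed rule set).
# "vssadmin list shadows" is deliberately NOT matched: listing is benign admin activity.
TAMPER_RULES = [
    ("vssadmin_delete_shadows", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("vssadmin_resize_shadowstorage", re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("bcdedit_disable_recovery", re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("wbadmin_delete_catalog", re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b", re.I)),
]


def parse_line(line: str) -> Dict[str, str]:
    """Split one pipe-delimited event; the command line may itself contain pipes, so split at most 3 times."""
    ts, host, parent, cmd = line.split("|", 3)
    return {"ts": ts, "host": host, "parent": parent, "cmd": cmd}


def evaluate(event: Dict[str, str]) -> List[str]:
    """Return the names of every rule that fires for a single event."""
    fired = [name for name, rx in TAMPER_RULES if rx.search(event["cmd"])]
    if event["parent"].lower() in OFFICE_PARENTS and SHELLS.match(event["cmd"]):
        fired.append("office_spawns_shell")  # macro delivery stage
    return fired


def scan_log(text: str) -> List[Dict[str, str]]:
    """Run all rules over a log export and return one alert per (event, rule) pair."""
    alerts = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        for rule in evaluate(ev):
            alerts.append({"host": ev["host"], "ts": ev["ts"], "rule": rule, "cmd": ev["cmd"]})
    return alerts


def hosts_at_risk(alerts: List[Dict[str, str]], min_rules: int = 2) -> Dict[str, List[str]]:
    """Correlate: a host with several distinct rule hits is almost certainly in the pre-encryption stage."""
    by_host = defaultdict(set)
    for a in alerts:
        by_host[a["host"]].add(a["rule"])
    return {h: sorted(r) for h, r in by_host.items() if len(r) >= min_rules}


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["host"]} {h["rule"]}: {h["cmd"]}')
    print("hosts at risk:", hosts_at_risk(hits))
```

A single vssadmin invocation is noisy in environments where backup software legitimately resizes shadow storage; requiring two or more distinct rules on the same host, as hosts_at_risk does, keeps the alert actionable while still firing well before the first file is renamed.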

The 'Infovip@airmail.cc' Ransomware renames the affected files, scrambling their names using base64 and appending the file extension '.Infovip@airmail.cc' to each targeted file's name. Once the 'Infovip@airmail.cc' Ransomware has encrypted the victim's files, it displays a ransom note in the form of a text file dropped on the infected computer's desktop. The file is named 'HOW TO RECOVER ENCRYPTED FILES-infovip@airmail.cc.txt' and contains the following message:
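During incident response the renaming scheme just described is actually useful: because the original name is only base64-scrambled, not encrypted, an inventory of what was hit can be rebuilt from the file names alone. The script below is an added example, not code from the original page: it builds a constructed sample directory (random bytes standing in for AES ciphertext, a decoy untouched file, and the ransom note), then walks it, reverses the base64 scrambling, locates the note, and measures each file's byte entropy as a sanity check that the content really is ciphertext. Plain standard or URL-safe base64 is an assumption; Scarab builds may vary the alphabet, in which case recover_name returns None rather than a guess.

```python
import base64
import binascii
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List, Optional

EXTENSION = ".Infovip@airmail.cc"
NOTE_NAME = "HOW TO RECOVER ENCRYPTED FILES-infovip@airmail.cc.txt"
HIGH_ENTROPY = 7.5  # bits per byte; assumed threshold, ciphertext sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Byte-level Shannon entropy; 0.0 for a single repeated byte, ~8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def recover_name(scrambled_stem: str) -> Optional[str]:
    """Reverse the base64 scrambling of the original file name.
    Assumption: plain base64 (standard or URL-safe alphabet). Returns None on anything else."""
    for altchars in (None, b"-_"):
        try:
            raw = base64.b64decode(scrambled_stem.encode("ascii"), altchars=altchars, validate=True)
            name = raw.decode("utf-8")
            if name and name.isprintable():
                return name
        except (binascii.Error, UnicodeDecodeError, UnicodeEncodeError, ValueError):
            continue
    return None


def scan_directory(root) -> Dict[str, List]:
    """Inventory encrypted files and ransom notes beneath root."""
    result: Dict[str, List] = {"encrypted": [], "notes": []}
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        if p.name == NOTE_NAME:
            result["notes"].append(str(p))
        elif p.name.endswith(EXTENSION):
            stem = p.name[: -len(EXTENSION)]
            entropy = shannon_entropy(p.read_bytes())
            result["encrypted"].append({
                "path": str(p),
                "original_name": recover_name(stem),
                "entropy": round(entropy, 2),
                "looks_encrypted": entropy > HIGH_ENTROPY,
            })
    return result


def build_sample_tree() -> str:
    """Constructed sample victim profile, not real victim data."""
    root = tempfile.mkdtemp(prefix="scarab-triage-")
    docs = Path(root) / "Documents"
    docs.mkdir()
    for original in ("photo.jpg", "budget 2018.xlsx"):
        scrambled = base64.b64encode(original.encode("utf-8")).decode("ascii") + EXTENSION
        (docs / scrambled).write_bytes(os.urandom(8192))  # stands in for the AES ciphertext
    (docs / "notes.txt").write_text("untouched plaintext file\n")  # not targeted, no extension
    desktop = Path(root) / "Desktop"
    desktop.mkdir()
    (desktop / NOTE_NAME).write_text("Your files are encrypted!\n")
    return root


if __name__ == "__main__":
    report = scan_directory(build_sample_tree())
    for entry in report["encrypted"]:
        print(f'{entry["original_name"]!r:24} entropy={entry["entropy"]} {entry["path"]}')
    print("ransom notes:", report["notes"])
```

Feed the recovered names straight into the restore job for your backups; the entropy column separates files the ransomware actually encrypted from ones it merely renamed before being stopped, which do occasionally turn up when the process is killed mid-run.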

'The file is encrypted with the RSA-2048 algorithm, only we can decrypt the file.
=============
infovip@airmail.cc
=============
Your files are encrypted!
Your personal identifier:
[hex string]
=============
To decrypt files, please contact us by email:
infovip@airmail.cc
=============
The file is encrypted with the RSA-2048 algorithm, only we can decrypt the file'

Dealing with the 'Infovip@airmail.cc' Ransomware Infection

If you are one of the unlucky victims of the 'Infovip@airmail.cc' Ransomware attack, your files will, unfortunately, not be recoverable without the decryption key. Although a security program will be capable of removing the 'Infovip@airmail.cc' Ransomware threat itself, the encrypted files will remain inaccessible. This is why file backups are the most effective method of ensuring that your data is protected from threats like the 'Infovip@airmail.cc' Ransomware. PC security researchers advise computer users to store backups in places that a threat cannot reach, such as offline or offsite storage that is not mapped as a drive on the computer, since the 'Infovip@airmail.cc' Ransomware deletes the Shadow Volume Copies and System Restore points it can reach locally. Also, a security program in place can intercept the 'Infovip@airmail.cc' Ransomware attack before the files become inaccessible.
