INFOWAIT Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 17,060
Threat Level: 100 % (High)
Infected Computers: 422
First Seen: November 20, 2018
Last Seen: September 14, 2023
OS(es) Affected: Windows

The INFOWAIT Ransomware is an encryption ransomware Trojan that is related to the DATASTOP Ransomware, a previously reported ransomware threat. The INFOWAIT Ransomware was first observed in November 2018 and seems to target individual computer users and home PCs. Typically, the INFOWAIT Ransomware is delivered through spam email attachments, often using social engineering techniques to trick computer users into opening a PDF or DOCX file with embedded macro scripts. Once installed, the INFOWAIT Ransomware takes the victim's files hostage and then demands a ransom payment from the victim.

How the INFOWAIT Ransomware Carries Out Its Attack

The INFOWAIT Ransomware runs on the victim's computer as an executable named 'update.exe' that encrypts the victim's files. The INFOWAIT Ransomware marks all the files it encrypts with the file extension '.INFOWAIT' and targets user-generated files, such as the following file types:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The INFOWAIT Ransomware delivers a ransom note in the form of a text file named '!readme.txt,' which contains the following text:

'!ATTENTION PLEASE!
Your databases, files, photos, documents and other important files are encrypted and have the extension: .INFOWAIT
The only method of recovering files is to purchase an decrypt software and unique private key.
After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.
Only we can give you this key and only we can recover your files.
You need to contact us by e-mail BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch send us your personal ID and wait for further instructions.
For you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
Price for decryption $290 if you contact us first 72 hours.
E-mail address to contact us:
BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch
Reserve e-mail address to contact us:
savefiles@india.com
Your personal id:
[random characters]'

Dealing with the INFOWAIT Ransomware Infection

The best way to ensure that your data is protected from threats like the INFOWAIT Ransomware is to have backup copies of your data. If you can restore your files from a backup copy, then the criminals lose any power to demand a ransom payment. Apart from file backups, it is paramount that computer users have an anti-malware program that is fully up-to-date. Since the INFOWAIT Ransomware is commonly spread using corrupted spam email attachments, learning to recognize unsafe emails and dealing with them appropriately is also an essential part of preventing and stopping the spread of attacks like the INFOWAIT Ransomware Trojan.
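Before restoring from backup it helps to know exactly which files were hit. The following is an added example, not code from the original article: a Python triage script that walks a directory tree, lists files carrying the '.INFOWAIT' extension and flags folders holding a '!readme.txt' note. It assumes the extension is appended to the original file name and that the note is readable as text; the function names are hypothetical.

```python
import os
from collections import defaultdict

ENCRYPTED_EXT = ".infowait"   # extension reported for encrypted files
NOTE_NAME = "!readme.txt"     # ransom note file name reported above
# Phrase taken from the quoted note; avoids flagging unrelated files that share the name.
NOTE_MARKER = "have the extension: .infowait"

def is_ransom_note(path):
    """True if the file has the note's name and contains the marker phrase."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            return NOTE_MARKER in fh.read(65536).lower()
    except OSError:
        return False  # unreadable file: leave it for manual review

def scan(root):
    """Return {directory: {"encrypted": [original names], "note": bool}}."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ENCRYPTED_EXT and stem:
                # Assumption: stem is the original name to look up in the backup.
                report[dirpath]["encrypted"].append(stem)
            elif is_ransom_note(os.path.join(dirpath, name)):
                report[dirpath]["note"] = True
    return dict(report)

def restore_list(report):
    """Sorted original paths that need to be restored from backup."""
    return sorted(os.path.join(d, n)
                  for d, info in report.items() for n in info["encrypted"])

if __name__ == "__main__":
    import sys
    rep = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in restore_list(rep):
        print("restore:", path)
    for directory, info in sorted(rep.items()):
        if info["note"]:
            print("ransom note in:", directory)
```

The script only reads and reports; it does not rename, delete or attempt to decrypt anything.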