InVincible Ransomware

The InVincible Ransomware is an encryption ransomware Trojan. The InVincible Ransomware is designed to encrypt the victim's files and then demand a ransom payment in exchange to get decryption software necessary to recover the affected files. The InVincible Ransomware was first observed on July 26, 2017. The InVincible Ransomware seems to be related to a different ransomware Trojan closely, the Sage 2.0 Ransomware. Both, the InVincible Ransomware and the Sage 2.0 Ransomware run with the same file name, 'WindowsApplication1.exe,' and lead victims to a page on the Dark Web named 'Sage 2.0 User Area,' accessed using the TOR browser. This page displays the following ransom note to the victim:

'Attention!
Sage 2.0 encrypted all your files!
All your files, images, videos and databases where have been encrypted and no longer accessible by software known as Sage 2.0!
To restore all your files, you need to pay $499 (≈0.19006) for the decryption.
After full payment, you will be able to download the software to restore your data.'

There are several ways in which the InVincible Ransomware can be delivered to victims. The most common way in which the InVincible Ransomware is being delivered is through spam email attachments currently. There is little to differentiate the InVincible Ransomware attack from various other ransomware Trojans that are active on the market currently. One aspect of the InVincible Ransomware that sets it apart from numerous other ransomware Trojans, however, is that the InVincible Ransomware will make changes to the visual theme of older versions of Windows (from Windows XP to Windows 7), altering the Desktop background, the Folder View, the Task Bar, and other settings after completing the encryption attack.

The InVincible Ransomware Attack may not be Fully Effective

The InVincible Ransomware, which attempts to encrypt the victim's files in exchange for ransom, may not be able to encrypt all the victims' files. The InVincible Ransomware targets numerous file types in its encryption routine but seems to fail in its encryption method frequently, possibly because of poor implementation, or the InVincible Ransomware is still in development currently. After encrypting the victim's files (or failing to encrypt them, depending on the specific situation), the InVincible Ransomware will display a ransom note in a program window titled 'Ransomware InVincible.' The InVincible Ransomware ransom note contains the following text:

'***ATTENTION! ALL YOUR FILES WERE ENCRYPTED! ***
*** PLEASE READ THIS MESSAGE CAREFULLY ***
All your important and critical files, databases, images, and videos were encrypted by "SAGE 2.2 Ransomware"! "SAGE 2.2 Ransomware" uses military grade elliptic curve cryptography, so you have no chances restoring your files without our help! But if you follow our instructions we guarantee that you can restore all your files quickly and safely!
*** Please be sure to copy instruction text and links to your notepad to avoid losing it ***
bitcoin address: [RANDOM CHARACTERS] (200$)
===== Your personal key =====
[RANDOM CHARACTERS]
==========
If can't open any of those, you can use "TOR Browser"
TOR Browser is available on the official website: hxxps://www.torproject.org/
Just open this site, click on the \"Download Tor\" button and follow the installation instructions Once "TOR Browser" in installed, use it to access hxxp://7gie6ffnkrjykggd.onion/'

Dealing with the InVincible Ransomware

Although the initial ransom fee is of $50 USD, the ransom is raised to $499 USD after a few days, and the decryption key is supposedly lost after a week permanently. However, PC security researchers strongly advise computer users to refrain from paying the InVincible Ransomware ransom, since this only allows the con artists to continue creating ransomware Trojans, and does not guarantee that the files will be recoverable. Instead of paying the InVincible Ransomware ransom, malware researchers strongly advise computer users to take steps to protect their computers. The best immunity against these threats is to have file backups and a reliable security program that is fully up to date.