Iron Ransomware

PC security researchers first observed the Iron Ransomware, an encryption ransomware Trojan, on April 11, 2018. The most common way of delivering the Iron Ransomware is through the use of corrupted spam email attachments. These spam emails may contain an attachment in the form of a Microsoft Word file with embedded macros that download and install the Iron Ransomware onto the victim's computer. The Iron Ransomware belongs to a family of threats that has released several variants recently, such as ransomware Trojans dubbed as 'Maktub'' and 'Satan'.

The Iron Ransomware will Take the Victim’s Files Hostage

The Iron Ransomware runs as 'IronUnlocker.Exe' on infected computers. The Iron Ransomware, like the countless ransomware Trojans active nowadays, is designed to take the victim's files hostage, using a strong encryption algorithm that will make the victim's files inaccessible. The Iron Ransomware will encrypt 374 different types of files. The files favored by attacks like the Iron Ransomware include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Iron Ransomware will be used to carry out attacks on mid-sized businesses and servers, considering the sophistication of the Iron Ransomware, the resources behind the attack and its distribution campaign.

The Iron Ransomware’s Ransom Demand

The Iron Ransomware will drop a file on the infected computer named '!HELP_YOUR_FILES.HTML.' This file displays a message that reads as follows:

'Your documents, photos, database, and other essential files have been encrypted with the strongest encryption an unique key, generated for this computer. The private decryption key is stored on a secr4et Internet server, and nobody can decrypt your files until you pay and obtain the private key. The server will eliminate the key after a period specified in this window.'

The Iron Ransomware holds the victim's files and demands a ransom of 0.2 Bitcoin, which is approximately 1400 USD at the current exchange rate. The advice to infected computer users is to refrain from making contact with the people responsible for the Iron Ransomware attack. The odds are that these people will not help them restore their files, and even if they do, paying these ransoms allow the creators of the Iron Ransomware to continue creating and distributing threats like the Iron Ransomware to other computer users.

Protecting Your Data from Threats Like the Iron Ransomware

The best protection against threats like the Iron Ransomware is to have file backups on a cloud storage service or a portable memory drive. Unfortunately, since the Iron Ransomware uses a highly powerful encryption method, the best protection against the Iron Ransomware is to have preemptive backups of all of your files. An updated security program can remove the Iron Ransomware Trojan itself, but it will not restore the files corrupted by the attack, which corruption may be irreversible. Ransomware Trojans like the Iron Ransomware are becoming more common increasingly, and it is why computer users should ensure that their files are protected against these and other threats adequately. If enough computer users have file backups, then the people responsible for these attacks will not have a motive to still creating their threats.

SpyHunter Detects & Remove Iron Ransomware