
Isolated Ransomware

By CagedTech in Ransomware

The Isolated Ransomware is another example of data-locking ransomware: it encrypts a user's files, and the attacker then demands a cryptocurrency ransom in return for decrypting them. The Isolated Ransomware is a new version of the well-known Aurora Ransomware. It appends the ".isolated" extension to encrypted files and then generates three ransom note files named "@@_README_@@.txt", "@@_ATTENTION_@@.txt" and "@@_HELPER_@@.txt". All three files contain the same instructions: pay a ransom and email the attackers to get the decryption key and software. The Isolated Ransomware does not appear to target any specific geographical region or group of people.

What is the Infection Method Used by the Isolated Ransomware?

The Isolated Ransomware is known to use RSA-2048 encryption, which is nearly impossible to decrypt without the decryption key. The Isolated Ransomware is spread through spam email, corrupted torrents and infected downloads. It runs either directly, when the downloaded file is an executable, or through a macro hidden inside an MS Office document (.doc, .docx, .xls, .xlsx). Once executed, the Isolated Ransomware quickly encrypts any files of interest it encounters. It then leaves three ransom note files on the desktop with instructions on how to pay a ransom and recover your files.

Sample Ransom Note
'$$$$$$$$$> CRYPTO LOCKER <$$$$$$$$$ SORRY! Your files are encrypted. File contents are encrypted with random key. Random key is encrypted with RSA public key (2048 bit). We STRONGLY RECOMMEND you NOT to use any "decryption tools". These tools can damage your data, making recover IMPOSSIBLE. Also we recommend you not to contact data recovery companies. They will just contact us, buy the key and sell it to you at a higher price. If someone else offers you files restoring, ask him for one file decryption. If you decide to decrypt files, for a have to get RSA private key. To get the RSA key, follow these steps in order: Pay of the ransom cost: 1. $100 in the first 24 hours, $200 before and after 48 hours. Pay the stated amount to this BTC-purse: >>> 19byE1fxToZXcmfXixFZmRy9E9i1QFYmLv <<< 2. Write on the testodin@cock.li, specifying a link to the BTC-transaction in the message. =========== !ATTENTION! Attach file is 000000000.key from %appdata% to email message, without it we will not be able to decrypt your files. =========== In the reply letter you will receive a unique decoder and instructions on what to do next. Only we can successfully decrypt your files. You will receive instructions of what to do next. We guarantee you file recovery if you do it right. $$$$$$$$$> CRYPTO LOCKER <$$$$$$$$$'

Protecting Your Machine from the Isolated Ransomware

My Device Has Been Infected. What do I do Now?

While some tools marketed online claim to be able to decrypt files affected by the Isolated Ransomware, it is almost impossible to accomplish this. Encryption methods use a "secret key" without which decryption is simply not going to work. There are techniques by which a system may be "purged" of the infection. You can try manually searching for all infected files, cleaning the Registry, and removing all traces of the malware from the disk, but there is no guarantee that some remnant will not reinfect the device. Never pay the ransom or reach out to the attackers. In most cases, all this will accomplish is to make you more vulnerable to ransomware and other attacks. If you pay the ransom via Bitcoin, there is little to no chance that the attackers will recover your data, and in a lot of cases, they ask for more money or disappear completely.
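The manual search for affected files described above can be scripted. The following Python scanner is an added example, not code from the original article; it matches only the indicators the article names (the ".isolated" extension, the three ransom note names, and the 000000000.key file mentioned in the note). The verdict thresholds and the build_sample helper are assumptions of this example.

```python
import json, os, sys, tempfile
from collections import Counter

# Indicators as given in the article and the quoted ransom note.
ENCRYPTED_EXT = ".isolated"
NOTE_NAMES = {"@@_readme_@@.txt", "@@_attention_@@.txt", "@@_helper_@@.txt"}
KEY_FILE = "000000000.key"  # the note says this file sits under %appdata%

def scan(root):
    """Walk root and group matching paths by indicator type."""
    hits = {"encrypted": [], "notes": [], "key_files": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower, path = name.lower(), os.path.join(dirpath, name)
            if lower.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(path)
            elif lower in NOTE_NAMES:
                hits["notes"].append(path)
            elif lower == KEY_FILE:
                hits["key_files"].append(path)
    return hits

def summarize(hits):
    """Verdict thresholds are this example's assumption, not from the article."""
    kinds = sum(1 for paths in hits.values() if paths)
    verdict = ("clean", "suspicious")[kinds] if kinds < 2 else "likely-infected"
    per_dir = Counter(os.path.dirname(p) for p in hits["encrypted"])
    return {"verdict": verdict,
            "encrypted_count": len(hits["encrypted"]),
            "worst_dirs": per_dir.most_common(3),
            # The quoted note ties decryption to the key file, so list it
            # (and the notes) for preservation before any cleanup.
            "preserve": sorted(hits["key_files"] + hits["notes"])}

def build_sample(root):
    """Create a constructed tree of empty files for a dry run."""
    for rel in ("Desktop/@@_README_@@.txt", "Docs/report.docx.isolated",
                "Docs/budget.xlsx.isolated", "Docs/notes.txt",
                "AppData/Roaming/000000000.key"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(json.dumps(summarize(scan(sys.argv[1])), indent=2))
    else:  # no path given: demonstrate on the constructed sample
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            print(json.dumps(summarize(scan(tmp)), indent=2))
```

Run it with a directory path to scan that tree; with no argument it scans the constructed sample tree only.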
