Israbye Ransomware
The Israbye Ransomware is an encryption ransomware Trojan. The Israbye Ransomware, like most encryption ransomware Trojans, is designed to take the victim's files hostage, making them unusable, and then demanding a ransom payment from the victim. The Israbye Ransomware, unlike most threats of this type, does not demand a ransom payment but, rather, carries out its attack as some sort of political statement (or as a way to troll or prank victims). Unfortunately, the Israbye Ransomware's attack is very real and has the potential to make the victim's files unrecoverable unless they have backup copies of their data stored in a separate device.
How the Israbye Ransomware Attacks Your Computer
The Israbye Ransomware is a variant of the HiddenTear encryption ransomware Trojan, first released in 2015 and the basis for countless ransomware Trojans. Essentially, the Israbye Ransomware will use the AES encryption to make the victim's files inaccessible, targeting the user-generated files in its attack. The Israbye Ransomware will mark the files it enciphers with the file extension '.israbye,' added to each file's name. The files below are examples of the files that will be made inaccessible:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The Israbye Ransomware delivers a note to the victim's computer. The Israbye Ransomware 'ransom note' simply states the reason for the attack and provides no means or the possibility of recovery, while most encryption ransomware Trojans deliver a note asking for a ransom payment. The Israbye Ransomware's note is delivered in English, Korean, and Arabic and contains the following text:
'What Happened to My Computer?
All Your FIles and data are Fucked For Ever!
Can I Recover My Files?
Sure you can recover your files and guarantee that For Free!
When will I recover your files?
You will recover your files when we recover Palestine,
When we recover AL AQSA, When we Recover Our Victims, Our Souls'
Dealing with the Israbye Ransomware Attack
Although computer users can wait for the release of a decryption tool, it is not usual that these threats can be cracked due to the strength of the encryption methods used in the attacks. Because of this, prevention is the key aspect of making sure that your data is safe from threats like the Israbye Ransomware. To be sure that your data is protected is to have backup copies of all of your files, and these copies are stored in an offline location such as the cloud or on an external memory device. Security experts also recommend the use of a reliable security program that is fully up to date to protect your PC from intrusion.
