
By GoldSparrow in Ransomware

The Ransomware is an encryption ransomware Trojan that carries out a typical version of this attack: it takes the victim's files hostage and then demands a ransom payment from the victim. These attacks are quite common, and it is important that computer users take steps to protect their data. In the case of threats like the Ransomware, the best protection is preventing these attacks from taking place in the first place and having measures in place that can help limit the amount of damage.

Why the Ransomware Infects a Computer

The Ransomware uses the AES-256 and RSA-2048 encryption algorithms to make the victim's files inaccessible. Once the Ransomware has encrypted the victim's files, it will demand a ransom payment for the decryption key needed to restore the affected data. The Ransomware seems to be distributed through fake software downloads, such as bogus versions of Adobe Flash Player, or through corrupted online advertisements. The Ransomware targets user-generated files in its attacks, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Ransomware delivers a ransom note in the form of a text file named 'Help to decrypt.txt,' which contains the following text:

'All your files are encrypted, to decrypt them write me to email :
Your key:
[random characters]'

The files damaged by the attack are renamed: the file extension '!!' is added to the end of each affected file's name. Computer users should disregard the message contained in the Ransomware's ransom note and, instead, take steps to protect their data from threats like the Ransomware.
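The two on-disk indicators described above (the note name 'Help to decrypt.txt' and the '!!' suffix) can be used to scope an affected machine. The Python below is an added example, not part of the original write-up: it walks a directory tree, lists notes and renamed files, flags renamed files whose first bytes look like ciphertext, and records the earliest modification time as a rough lower bound for when encryption started. The 7.0 bits-per-byte cut-off, the 4096-byte sample and the sample files are assumptions made for the example.

```python
import math
import os
import tempfile
from collections import Counter

NOTE_NAME = "help to decrypt.txt"  # ransom note file name reported on this page
MARKER = "!!"                      # suffix reported as appended to affected files

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; AES output sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root: str, sample: int = 4096, threshold: float = 7.0) -> dict:
    """Walk root and collect ransom notes, renamed files and the earliest mtime."""
    rep = {"notes": [], "renamed": [], "high_entropy": [], "earliest_mtime": None}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                rep["notes"].append(path)
            elif name.endswith(MARKER):
                rep["renamed"].append(path)
                try:
                    mtime = os.path.getmtime(path)
                    with open(path, "rb") as fh:
                        head = fh.read(sample)
                except OSError:
                    continue  # unreadable: stays listed as renamed only
                if entropy(head) >= threshold:  # assumed cut-off; tiny files score lower
                    rep["high_entropy"].append(path)
                if rep["earliest_mtime"] is None or mtime < rep["earliest_mtime"]:
                    rep["earliest_mtime"] = mtime
    return rep

def build_sample_tree(root: str) -> None:
    """Constructed sample data: one random-byte file, one plain-text file, one note."""
    os.makedirs(os.path.join(root, "docs"))
    samples = {"docs/report.docx!!": os.urandom(4096),   # stands in for ciphertext
               "docs/todo.txt!!": b"buy milk\n" * 200,    # renamed but still plaintext
               "docs/Help to decrypt.txt": b"constructed placeholder note\n",
               "docs/clean.pdf": b"%PDF-1.4 constructed\n"}
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Run it read-only against a mounted image or a copy of the affected volume, since opening files on the live system can change access timestamps that matter for the timeline.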

Protecting Yourself from the Ransomware and Similar Threats

Because of the strength of the encryption method used by the Ransomware attack, it is typically not possible to restore files encrypted by its attack. Because of this, it is very important to prevent these attacks and have ways to restore any files that were compromised. This is why the best protection against attacks like the Ransomware is to have backup copies of all data and to store these backups in an accessible location that is offline from the original device, such as an external memory device or cloud storage that is not synchronized. It is also essential to use a strong security program that is fully up-to-date and to monitor any online activity carefully to avoid inadvertently downloading and installing malware threats like the Ransomware. Common delivery methods include corrupted spam email attachments and online advertisements.

