
By CagedTech in Ransomware

The '' Ransomware is a ransomware Trojan that belongs to the ever-growing Crysis family of ransomware. PC security analysts first observed varieties of this threat family in March of 2016. Since then, new versions have appeared periodically, with a large wave of new variants (which include the '' Ransomware) appearing in the summer of 2016. The attack of the '' Ransomware and other Crysis variants is typical of ransomware Trojans, albeit highly effective.

After the '' Ransomware is installed, it takes the victim's files hostage by encrypting them with a strong encryption algorithm. The '' Ransomware demands that the victim pay a very large ransom to regain control over the affected files. This is what makes the '' Ransomware and other Crysis variants so threatening. Although the '' Ransomware itself may be removed easily with a reliable security program that is fully up to date, once it has carried out its attack, the files will remain encrypted and inaccessible until the victim pays the ransom and obtains the decryption key. Unfortunately, since the '' Ransomware uses a sophisticated encryption algorithm, it may not be possible to decrypt the files it encrypts. This is why preventive measures work best when it comes to protecting your computer from the '' Ransomware and other ransomware Trojans.

The Infection Process Used by the '' Ransomware

The '' Ransomware demands the payment of a ransom that may vary between $600 and $1800 USD, generally to be paid using Bitcoin or another anonymous payment method. The amount of the ransom, however, may become much higher if the '' Ransomware manages to infect a server or an enterprise system or network, which may result in substantial losses for any business.

The most common way in which the '' Ransomware may arrive on a computer is by being attached to an unsolicited email message. The '' Ransomware will arrive in the form of a corrupted email attachment that may be disguised as a harmless file. As soon as the victim opens the corrupted email attachment, it encrypts the victim's files with its strong encryption algorithm. Crysis variants will target the following file types during their attack:

.odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps.

Dealing with the '' Ransomware

Whenever the '' Ransomware encrypts content in a directory, it will drop a text file containing a ransom demand into that directory. The '' Ransomware also drops ransom notes on the victim's desktop and changes the infected computer's desktop image. PC security researchers advise against paying the '' Ransomware ransom. There have been reports that the con artists responsible for many of these Crysis ransomware variants will, in fact, not deliver a decryptor after the payment, and may demand an additional payment. Even if these reports are inaccurate, you should avoid financing these con artists' activities and instead take appropriate preventive measures to avoid '' Ransomware infections in the first place.
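
The per-directory ransom note described above is a behavioural signal a defender can watch for. As an added example (not part of the original article), the following Python code flags any text-file name that is created in several different directories within a short time window. The event records, the name PLACEHOLDER_NOTE.txt, the thresholds and the function name are constructed assumptions, since the article does not give the note's actual file name.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed file-creation events (ISO timestamp, path); not from a real incident.
# PLACEHOLDER_NOTE.txt is a stand-in: the article does not name the ransom note.
SAMPLE_EVENTS = [
    ("2016-08-01T10:00:05", r"C:\Users\alice\Documents\PLACEHOLDER_NOTE.txt"),
    ("2016-08-01T10:00:09", r"C:\Users\alice\Pictures\PLACEHOLDER_NOTE.txt"),
    ("2016-08-01T10:00:14", r"C:\Users\alice\Desktop\PLACEHOLDER_NOTE.txt"),
    ("2016-08-01T10:00:20", r"C:\Shares\finance\PLACEHOLDER_NOTE.txt"),
    ("2016-08-01T09:00:00", r"C:\Users\alice\Documents\todo.txt"),
    ("2016-07-01T09:00:00", r"C:\Projects\a\readme.txt"),  # same name, weeks apart
    ("2016-07-15T09:00:00", r"C:\Projects\b\readme.txt"),
    ("2016-08-20T09:00:00", r"C:\Projects\c\readme.txt"),
]


def find_note_bursts(events, min_dirs=3, window=timedelta(minutes=10)):
    """Map each .txt name created in >= min_dirs directories within `window`
    to the largest set of directories seen in any one window."""
    by_name = defaultdict(list)
    for ts, path in events:
        p = PureWindowsPath(path)
        if p.suffix.lower() == ".txt":
            by_name[p.name.lower()].append((datetime.fromisoformat(ts), str(p.parent)))

    hits = {}
    for name, seen in by_name.items():
        seen.sort()
        start, best = 0, set()
        for end in range(len(seen)):
            # Slide the window start forward until it spans at most `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            dirs = {d for _, d in seen[start:end + 1]}
            if len(dirs) > len(best):
                best = dirs
        if len(best) >= min_dirs:
            hits[name] = sorted(best)
    return hits


if __name__ == "__main__":
    for name, dirs in find_note_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {name}: created in {len(dirs)} directories")
        for d in dirs:
            print("   ", d)
```

Common file names such as readme.txt legitimately appear in many directories, which is why the check is bounded by a time window rather than by name alone.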

