
Malevich Ransomware

By GoldSparrow in Ransomware

The Malevich Ransomware is a ransomware Trojan that was created using the Crysis engine, a ransomware family that has been active since March of 2016. The Malevich Ransomware carries out a typical threat attack on its victim, encrypting the victim's files and then asking for the payment of a ransom to provide the means to decrypt the affected files. The Malevich Ransomware is an important threat to the integrity of the computer users' data, and steps should be taken to remove the Malevich Ransomware immediately if a computer becomes infected with this threat. Unfortunately, once the Malevich Ransomware has encrypted files on the victim's computer, it is currently impossible to decrypt these files without the decryption key. This is one of the reasons why the Malevich Ransomware and other encryption ransomware Trojans have proven to be so difficult to stop and so popular among con artists: the victim's files will remain encrypted and inaccessible even if the Malevich Ransomware infection is removed with a reliable security program. To counteract these kinds of attacks, it is essential that computer users back up their data regularly on an external memory device.

How the Malevich Ransomware Attack Works

The Malevich Ransomware uses its encryption algorithm to encrypt the victim's files, making them inaccessible. After encrypting the victim's files, the Malevich Ransomware drops a ransom note that instructs the victim to contact an included email address. The Malevich Ransomware demands the payment of a ransom in BitCoins. The amount of the ransom can vary, but it is usually between 1 and 3 BitCoin (between $600 and $1800 USD). In most cases, the Malevich Ransomware is delivered to the victim's computer via a corrupted file attachment. These kinds of corrupted files may be attached to spam email messages that frequently use social engineering techniques to trick inexperienced computer users into opening their contents. The Malevich Ransomware can, however, be delivered by other means. For example, the Malevich Ransomware could be installed by hacking into the target's PC directly, or it may be distributed by including the Malevich Ransomware in popular downloads on file-sharing websites.

After the Malevich Ransomware has managed to infiltrate the victim's computer, it carries out its attack by encrypting all files with certain extensions. The Malevich Ransomware will search for the following file types on the targeted PC:

.odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, .sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, .wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps.
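Because the only reliable recovery from a Malevich infection is a current backup of exactly these file types, a practical defensive check is to verify that every targeted file on a PC has an identical copy on the external backup. The script below is an added example, not part of the original article or the Crysis family's code; it uses a subset of the extension list above (labelled as such in the code) and assumes the backup mirrors the source tree's relative paths.

```python
import hashlib
import os
from pathlib import Path

# Subset of the file types the article lists as targeted by Malevich (Crysis).
TARGETED_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt", ".rtf",
    ".jpg", ".jpeg", ".png", ".raw", ".cr2", ".psd", ".zip", ".7z", ".rar",
    ".mdb", ".accdb", ".sql", ".pst", ".pem", ".pfx", ".p12", ".crt", ".sav",
}

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large media files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def targeted_files(root: Path):
    """Yield every file under root whose extension Malevich would encrypt."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.suffix.lower() in TARGETED_EXTENSIONS:
                yield p

def backup_coverage(source: Path, backup: Path) -> dict:
    """Return {"ok", "missing", "stale"} lists of relative paths (as strings)."""
    # "stale" means a backup copy exists but its content differs from the source.
    report = {"ok": [], "missing": [], "stale": []}
    for src in targeted_files(source):
        rel = src.relative_to(source)
        dst = backup / rel
        if not dst.is_file():
            report["missing"].append(str(rel))
        elif sha256_of(src) != sha256_of(dst):
            report["stale"].append(str(rel))
        else:
            report["ok"].append(str(rel))
    return report

if __name__ == "__main__":
    import sys  # usage: python backup_check.py <source_dir> <backup_dir>
    for key, paths in backup_coverage(Path(sys.argv[1]), Path(sys.argv[2])).items():
        print(key, len(paths), *sorted(paths))
```

Anything reported as missing or stale is data that would be lost if the machine were encrypted today, so the check is worth running right after each backup.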

After encrypting the victim's files, the Malevich Ransomware drops ransom notes in the form of text and HTML files on the victim's computer. These ransom notes instruct the victim about what has happened and include instructions for the payment of the ransom using anonymous means. Malware researchers advise computer users to avoid paying the Malevich Ransomware's ransom. There are numerous cases of con artists ignoring victims after they have delivered the payment, or asking for even more money. Paying the Malevich Ransomware's ransom also enables the con artists responsible for this attack to create additional threats and continue refining the Malevich Ransomware and its variants.


Most Viewed