May Ransomware

By GoldSparrow in Ransomware

The May Ransomware is a ransomware Trojan that was first observed in mid-May 2017. The May Ransomware carries out a typical ransomware attack, encrypting the victim's files and then demanding that the victim pay a large ransom in exchange for the decryption program needed to recover the affected files. The May Ransomware is designed to infect computers running the Windows operating system and may be spread to victims through spam email messages that impersonate messages from legitimate companies such as shipping companies, banks or social media platforms. The May Ransomware receives its name because its main executable is named 'May.exe,' although it may also be known as 'Maysomware Ransomware' because the files it encrypts in its attack may be identified with the file extension 'maysomware' in some cases, or with the file extension 'locked' in others.

The High Ransom Demanded by the May Ransomware

The May Ransomware demands the payment of a ransom of 1.5 BitCoin (approximately $3300 USD at the current exchange rate), an amount that is at the higher end of what these threats demand. To make the victim's files inaccessible, the May Ransomware will use a strong encryption algorithm, scanning the infected computer for the following file types (among others) and then encrypting them:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The May Ransomware will target files in the infected computer's main drives, as well as shared network drives and external memory devices connected to the infected computer. The May Ransomware will identify the files affected in the attack with the extension '.maysomware' or '.locked' in some variants. After encrypting the victim's files, the May Ransomware will display its ransom note, contained in an HTML file that is opened by the infected computer's default Web browser. The May Ransomware ransom note's file is named 'Restore_maysomware_files.html' and is dropped on the infected computer's desktop and directories where the May Ransomware encrypted files. The full text of the May Ransomware ransom note reads:

'All your files have been encrypted with the May Ransomware. For encrypt we use AES256+RSA4096. You have 5 days for decrypt your files. Don`t try recover your files.
Decrypt Manual
1) Make your bitcoin wallet on or and buy 1,5 bitcoins on BTC Exchange Sites (h[tt]ps://
2) Send 1,5 bitcoin to adress 3Gw6b57A3E34nAph3mzGbKAj8sTSgD8GP9
3) Write to us on email In subject write this identificator [RANDOM CHARACTERS]
4) After receive bitcoins and your email, we contact with you.
— YOU MIGHT DECRYPT 2 FILES FOR FREE. Send it to email In Subject, write your UNIQUE Identificator.'

Keeping Your Data Safe from the May Ransomware

PC security analysts do not recommend that computer users contact the people responsible for the May Ransomware attack. Paying the May Ransomware ransom allows them to continue carrying out ransomware attacks and claiming more victims. Instead, it is important to have preventive measures in place to limit the damage associated with a May Ransomware attack. The best protection against the May Ransomware and other ransomware Trojans is to have file backups on an external memory device or the cloud. A reliable, fully up-to-date security program, together with safe browsing and email handling practices, is also essential in preventing attacks like the May Ransomware and limiting the extent of the damage in case of an infection.
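
The file names described above ('.maysomware', '.locked' and 'Restore_maysomware_files.html') can be used to scope which directories were hit before restoring from backup. The following Python script is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration, and treating '.locked' on its own as ambiguous is an assumption of this example, since that extension is also used by unrelated software.

```python
import os
import tempfile

NOTE_NAME = "restore_maysomware_files.html"  # ransom note name from this page
FAMILY_EXT = ".maysomware"                   # extension specific to this threat
GENERIC_EXT = ".locked"                      # also used by unrelated software

def triage(root):
    """Return {relative_dir: finding} for directories under root with indicators."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        names = [f.lower() for f in files]
        note = NOTE_NAME in names
        family = sum(n.endswith(FAMILY_EXT) for n in names)
        generic = sum(n.endswith(GENERIC_EXT) for n in names)
        if not (note or family or generic):
            continue
        # '.locked' on its own is ambiguous; the note or a '.maysomware'
        # file in the same directory is what ties it to this threat.
        confidence = "likely" if (note or family) else "review"
        findings[os.path.relpath(dirpath, root)] = {
            "note": note, "maysomware": family,
            "locked": generic, "confidence": confidence,
        }
    return findings

def demo():
    """Build a small constructed directory tree and triage it."""
    sample = {  # constructed sample data, not from a real incident
        "docs": ["report.docx.maysomware", "Restore_maysomware_files.html"],
        "photos": ["a.jpg.locked", "b.jpg.locked", "Restore_maysomware_files.html"],
        "app": ["session.locked"],  # lock file from some other program
        "clean": ["notes.txt"],
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, files in sample.items():
            os.makedirs(os.path.join(root, folder))
            for name in files:
                open(os.path.join(root, folder, name), "w").close()
        return triage(root)

if __name__ == "__main__":
    for folder, finding in sorted(demo().items()):
        print(folder, finding)
```

Directories marked "review" contain only '.locked' files with no ransom note beside them and should be checked by hand before being counted as encrypted.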
