Threat Database Ransomware Meteoritan Ransomware

Meteoritan Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 5,996
First Seen: March 27, 2017
Last Seen: November 7, 2020
OS(es) Affected: Windows

The Meteoritan Ransomware is an encryption ransomware Trojan that is used by con artists to force computer users to pay large amounts of money. The Meteoritan Ransomware attacks were first reported on March 22, 2017. PC security researchers suspect that the Meteoritan Ransomware is being distributed using corrupted documents attached to spam email messages. These documents contain corrupted scripts that download and install the Meteoritan Ransomware on the victim's computer. Once the Meteoritan Ransomware enters a computer, it encrypts the victim's files with a strong encryption algorithm to demand the payment of a ransom through BitCoins. Threats like the Meteoritan Ransomware pose a serious threat to the computer users' data. Once the Meteoritan Ransomware encrypts the files, they become unrecoverable, and it will be necessary to restore them from a backup copy.

How the Meteoritan Ransomware can Lock Your Files

The Meteoritan Ransomware receives its name based on a logo that it shows to the victim in its ransom note. This message includes the text 'the Meteoritan Ransomware' and uses a logo that is orange and red. The Meteoritan Ransomware seems to target computer users in America and in Western Europe. The Meteoritan Ransomware is capable of encrypting files on all local drives, as well as on storage on a network and external memory devices connected to the infected computer. The Meteoritan Ransomware encrypts the victim's data using the AES-256 encryption, making it impossible to recover the affected files with current technology. The Meteoritan Ransomware will target the following file types during its attack (among others):


The Meteoritan Ransomware Is Used to Make Money for Its Developers

The files affected by the Meteoritan Ransomware cannot be opened and will appear as blank icons in the Windows Explorer. The Meteoritan Ransomware is capable of carrying out its attack without requiring an Internet connection. The Meteoritan Ransomware uses the RSA-2048 encryption to make the decryption key inaccessible to the victim. The Meteoritan Ransomware saves its data to the file METEORITAN.RAMSOM located in the Temp directory. Victims are asked to get an ID number from a file name METEORITAN.POLAND located in the same place. The Meteoritan Ransomware creates files named 'readme_your_files_have_been_encrypted.txt' and 'where_are_your_files.txt' on the infected computer's desktop. These files contain the Meteoritan Ransomware's ransom note, which reads as follows:

Your documents, photos, databases and other important files have been encrypted by RSA-4096 alghorythm generated by your computer, if you want to restore your files, you must get a decryption key.
How can I get decrypt key?
1. Send E-Mail to with your ID. Your ID is in METEORITAN.POLAND file, open in Notepad.
2. Get Bitcoins. Bitcoin is a cryptovalute, which can pay. Use these sites:,,,
3. In e-mail turning, we get a value of your key. Pay it.
4. In 24 hours you get an decrypt key. If you don't see e-mail, check spam catalogue.
5. Run aplication and enter your key.

Dealing with the Meteoritan Ransomware

PC security researchers strongly advise computer users to refrain from contacting the people responsible for the Meteoritan Ransomware attack. They may ask for a very large ransom, and once it has been paid, there is no guarantee that they will provide the decryption key. Instead, malware researchers advise computer users to restore their files from a backup copy and remove the Meteoritan Ransomware with the help of a reliable security program that is fully up-to-date.


Most Viewed