The Minotaur Ransomware is an encryption ransomware Trojan designed to take victims' files hostage and demand a ransom payment. The Minotaur Ransomware reaches victims' computers through corrupted email attachments, often contained in phishing email messages, which use social engineering techniques to trick computer users into opening the infected file. The file attachments used to deliver the Minotaur Ransomware commonly take the form of Microsoft Office files that include compromised embedded macros, which download and install the Minotaur Ransomware onto the victim's computer.
How the Minotaur Ransomware Carries Out Its Attack
The Minotaur Ransomware infection is typical of these threats. The Minotaur Ransomware uses AES encryption to make the victim's files inaccessible, targeting user-generated files such as media files, various document types, databases and many others. The following are examples of the files that threats like the Minotaur Ransomware target in these attacks:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The Minotaur Ransomware marks each file it encrypts by adding the file extension '.lock' to the end of the file's name. After the Minotaur Ransomware encrypts the contents of the victim's computer, the Minotaur Ransomware will deliver a ransom note to the victim. The Minotaur Ransomware ransom note takes the form of a text file named 'How To Decrypt Files.txt,' which exhibits the following text:
'(KEY) : [random characters]
(EMAIL) : minotaur0428blaze.it
ALL YOUR FILES ARE ENCRYPTED BY (MINOTAUR) RANSOMWARE!
FOR DECRYPT YOUR FILES NEED TO PAY US A (0.125 BTC)!
FILES ARE ENCRYPTED BY (MINOTAUR) RANSOMWARE!'
The Minotaur Ransomware decryption software is sold for approximately 800 USD in Bitcoin. However, PC security experts strongly advise computer users not to pay this amount, since paying allows criminals to continue creating and delivering threats. Furthermore, the criminals will rarely deliver the decryption key after the payment is made, and will often target victims for additional attacks once they have demonstrated a willingness to pay the Minotaur Ransomware ransom.
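The two on-disk indicators described above (the '.lock' extension and the 'How To Decrypt Files.txt' note with its (KEY) and (EMAIL) fields) can be used to scope which directories were hit. The following is an added example, not code from the original article or from any security product. The sample tree, key and e-mail values are constructed, and the rule that a marked file must keep an inner extension (so tool lockfiles such as Cargo.lock are ignored) is an assumption of this example.

```python
import os
import re
import tempfile

NOTE_NAME = "how to decrypt files.txt"  # note file name from this page, lowercased
LOCK_EXT = ".lock"                      # extension appended to encrypted files
FIELD_RE = re.compile(r"^\((KEY|EMAIL)\)\s*:\s*(.+?)\s*$", re.M)

def is_marked(name):
    """True for 'report.docx.lock', False for tool lockfiles like 'Cargo.lock'."""
    lower = name.lower()
    inner = lower[:-len(LOCK_EXT)]
    return lower.endswith(LOCK_EXT) and os.path.splitext(inner)[1] != ""

def parse_note(text):
    """Extract the (KEY) and (EMAIL) header fields from a note body."""
    return {k.lower(): v for k, v in FIELD_RE.findall(text)}

def triage(root):
    """Map each affected directory (relative to root) to its indicators."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        locked = sorted(f for f in files if is_marked(f))
        note = next((f for f in files if f.lower() == NOTE_NAME), None)
        if not locked and note is None:
            continue
        fields = None
        if note is not None:
            with open(os.path.join(dirpath, note), errors="replace") as fh:
                fields = parse_note(fh.read())
        findings[os.path.relpath(dirpath, root)] = {"locked": locked, "note": fields}
    return findings

def demo():
    """Run triage over a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as root:
        docs, clean = os.path.join(root, "docs"), os.path.join(root, "clean")
        os.makedirs(docs)
        os.makedirs(clean)
        for path in (os.path.join(docs, "report.docx.lock"),
                     os.path.join(docs, "photo.jpg.lock"),
                     os.path.join(clean, "Cargo.lock")):
            open(path, "wb").close()
        with open(os.path.join(docs, "How To Decrypt Files.txt"), "w") as fh:
            fh.write("(KEY) : CONSTRUCTED-SAMPLE-KEY\n"
                     "(EMAIL) : contact@example.invalid\n"
                     "ALL YOUR FILES ARE ENCRYPTED BY (MINOTAUR) RANSOMWARE!\n")
        return triage(root)

if __name__ == "__main__":
    for directory, entry in demo().items():
        print(directory, entry)
```

The scan is read-only; the resulting directory list is what to compare against backup contents before restoring.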
Protecting Your Data from Threats Like the Minotaur Ransomware
The best protection against threats like the Minotaur Ransomware is to have file backups. Backup copies of your data should be stored out of reach of threats like the Minotaur Ransomware. Unfortunately, security programs are not capable of decrypting files encrypted by the Minotaur Ransomware. However, security software capable of intercepting and removing threats like the Minotaur Ransomware is still a crucial part of protecting your data from this and other threats.