'.mp3 File Extension' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: February 16, 2016
Last Seen: June 12, 2022
OS(es) Affected: Windows

PC security researchers have encountered a TeslaCrypt variant that changes encrypted files' extensions to 'MP3.' In this case, the 'MP3' extension does not indicate that the file is an audio file but that it has been encrypted. The '.mp3 File Extension' Ransomware is a variant of TeslaCrypt 3.0, of which numerous variants were released in early 2016. Unfortunately, once the '.mp3 File Extension' Ransomware has encrypted the victim's files, there is currently no way to decrypt them without access to the decryption key. The '.mp3 File Extension' Ransomware also drops ransom notes on the victim's computer, and may name the files using the following format:

_H_e_l_p_RECOVER_INSTRUCTIONS+[3-characters].png
_H_e_l_p_RECOVER_INSTRUCTIONS+[3-characters].txt
_H_e_l_p_RECOVER_INSTRUCTIONS+[3-characters].HTML

Ransomware has become ever more prevalent. These new variants of TeslaCrypt are particularly threatening because they close a loophole that permitted computer users to recover from previous versions of this threat. If the '.mp3 File Extension' Ransomware has infected your computer, it may be necessary to recover the infected files from a backup and, ideally, to wipe the infected hard drive clean before recovering from the backup.

How the '.mp3 File Extension' Ransomware may Infect a Computer

Threats like the '.mp3 File Extension' Ransomware may follow the steps below when infecting a computer:

  1. The '.mp3 File Extension' Ransomware may be delivered by using common threat delivery methods, in particular malicious email messages.
  2. When the '.mp3 File Extension' Ransomware infects a computer, it searches for files with the extensions listed below:

     .7z; .rar; .m4a; .wma; .avi; .wmv; .csv; .d3dbsp; .sc2save; .sie; .sum; .ibank; .t13; .t12; .qdf; .gdb; .tax; .pkpass; .bc6; .bc7; .bkp; .qic; .bkf; .sidn; .sidd; .mddata; .itl; .itdb; .icxs; .hvpl; .hplg; .hkdb; .mdbackup; .syncdb; .gho; .cas; .svg; .map; .wmo; .itm; .sb; .fos; .mcgame; .vdf; .ztmp; .sis; .sid; .ncf; .menu; .layout; .dmp; .blob; .esm; .001; .vtf; .dazip; .fpk; .mlx; .kf; .iwd; .vpk; .tor; .psk; .rim; .w3x; .fsh; .ntl; .arch00; .lvl; .snx; .cfr; .ff; .vpp_pc; .lrf; .m2; .mcmeta; .vfs0; .mpqge; .kdb; .db0; .DayZProfile; .rofl; .hkx; .bar; .upk; .das; .iwi; .litemod; .asset; .forge; .ltx; .bsa; .apk; .re4; .sav; .lbf; .slm; .bik; .epk; .rgss3a; .pak; .big; .unity3d; .wotreplay; .xxx; .desc; .py; .m3u; .flv; .js; .css; .rb; .png; .jpeg; .txt; .p7c; .p7b; .p12; .pfx; .pem; .crt; .cer; .der; .x3f; .srw; .pef; .ptx; .r3d; .rw2; .rwl; .raw; .raf; .orf; .nrw; .mrwref; .mef; .erf; .kdc; .dcr; .cr2; .crw; .bay; .sr2; .srf; .arw; .3fr; .dng; .jpeg; .jpg; .cdr; .indd; .ai; .eps; .pdf; .pdd; .psd; .dbfv; .mdf; .wb2; .rtf; .wpd; .dxg; .xf; .dwg; .pst; .accdb; .mdb; .pptm; .pptx; .ppt; .xlk; .xlsb; .xlsm; .xlsx; .xls; .wps; .docm; .docx; .doc; .odb; .odc; .odm; .odp; .ods; .odt

  3. Using an AES encryption algorithm, the '.mp3 File Extension' Ransomware encrypts all files found that match the list above. As part of the infection process, the '.mp3 File Extension' Ransomware changes the infected files' extension to 'MP3.' It may be impossible to recover the decryption key from the '.mp3 File Extension' Ransomware infection itself, since this information is generated and stored on its Command and Control server.
  4. The '.mp3 File Extension' Ransomware also deletes all Shadow Volume copies of infected files and System Restore Points, making it impossible to recover the infected files using these alternate methods.
  5. To demand payment of its ransom, the '.mp3 File Extension' Ransomware drops ransom notes in the form of PNG, TXT, or HTML files on the victim's computer. These notes tell the victim that it is necessary to pay the ransom using Bitcoin and may include instructions on how to perform the payment. The following is a common ransom message associated with the '.mp3 File Extension' Ransomware and its many variants:

Your personal files are encrypted!
Your files have been safely encrypted on this PC: photos, videos, documents, etc. Click "Show Encrypted Files" button to view a complete list on encrypted files, and you can personally verify this.
Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.
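
A triage sketch for the two on-disk indicators described above, added here as an example and not code from the original article: it walks a directory tree, flags files matching the ransom-note name format, and flags '.mp3' files whose first bytes carry neither an ID3 tag nor an MPEG frame sync. Reading "[3-characters]" as three letters or digits, the header heuristic, and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Note-name format from the article. Assumption: "[3-characters]" means three
# letters or digits; the extension is matched case-insensitively.
NOTE_RE = re.compile(r"^_H_e_l_p_RECOVER_INSTRUCTIONS\+[A-Za-z0-9]{3}\.(png|txt|html)$", re.I)

def looks_like_mp3(head: bytes) -> bool:
    """Heuristic: real MP3s usually open with an ID3v2 tag or an MPEG frame sync."""
    if head[:3] == b"ID3":
        return True
    # Frame sync is 11 set bits: 0xFF, then a byte whose top three bits are 1.
    return len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0

def triage(root: str):
    """Return (ransom_notes, suspect_mp3s) as sorted paths relative to root."""
    notes, suspects = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if NOTE_RE.match(name):
                notes.append(rel)
            elif name.lower().endswith(".mp3"):
                with open(path, "rb") as fh:
                    if not looks_like_mp3(fh.read(4)):
                        suspects.append(rel)  # .mp3 name without an audio header
    return sorted(notes), sorted(suspects)

def demo():
    """Triage a constructed sample tree (all contents are stand-ins)."""
    samples = {
        "song.mp3": b"ID3\x03\x00" + bytes(16),       # ID3v2-tagged audio
        "rip.mp3": b"\xff\xfb\x90\x00" + bytes(16),   # bare MPEG frame
        "budget.mp3": bytes(range(7, 27)),            # no audio header: flagged
        "_H_e_l_p_RECOVER_INSTRUCTIONS+abc.txt": b"constructed note",
        "_H_e_l_p_RECOVER_INSTRUCTIONS+abc.HTML": b"constructed note",
        "readme.txt": b"ordinary file",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

A hit is a lead for manual review, not proof: some genuine MP3 files begin with other data, and an encrypted file can start with these bytes by chance.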

1 Comment

Dear Sir,

Do you have a solution to recover files infected by "Troj_ra.faa73dd4" and "troj_ransomnote"?

Thanks and regards
