My Decryptor Ransomware
Threat Scorecard
Threat Level: 20% (Normal)
Infected Computers: 4
First Seen: October 17, 2017
Last Seen: January 10, 2019
OS(es) Affected: Windows
The My Decryptor Ransomware is an encryption ransomware Trojan. These Trojans are designed to take the victim's files hostage in order to demand a ransom payment. The My Decryptor Ransomware was first observed on October 14, 2017, and seems to carry out a generic encryption ransomware attack, nearly identical to most other similar threats. The My Decryptor Ransomware is delivered to victims as spam email attachments, generally Microsoft Word files with malicious macro scripts that download and install the My Decryptor Ransomware onto the victim's computer.
How the My Decryptor Ransomware Carries out Its Attack
The main purpose of the My Decryptor Ransomware is to use a strong encryption method to make the victim's files inaccessible. The victim is then asked to pay a ransom of 0.2 Bitcoin (close to USD 1150 at the current exchange rate) to receive the decryption key needed to restore the affected files. In its attack, the My Decryptor Ransomware targets user-generated files while avoiding native Windows system files. This takes the victim's data hostage while keeping the operating system functional, so that the victim can still read the payment instructions. The My Decryptor Ransomware marks the files it encrypts by adding a new file extension made up of seven random characters to the end of each affected file's name. The following are examples of the file extensions that the My Decryptor Ransomware and similar ransomware Trojans target in their attacks:
.aif, .apk, .arj, .asp, .bat, .bin, .cab, .cda, .cer, .cfg, .cfm, .cpl, .css, .csv, .cur, .dat, .deb, .dmg, .dmp, .doc, .docx, .drv, .gif, .htm, .html, .icns, .iso, .jar, .jpeg, .jpg, .jsp, .log, .mid, .mp3, .mp4, .mpa, .odp, .ods, .odt, .ogg, .part, .pdf, .php, .pkg, .png, .ppt, .pptx, .psd, .rar, .rpm, .rss, .rtf, .sql, .svg, .tar.gz, .tex, .tif, .tiff, .toast, .txt, .vcd, .wav, .wks, .wma, .wpd, .wpl, .wps, .wsf, .xlr, .xls, .xlsx, .zip.
The My Decryptor Ransomware’s Ransom Demand
The My Decryptor Ransomware delivers the ransom note to the victim in the form of two text files dropped on the infected computer's desktop after encrypting the victim's files. The My Decryptor Ransomware's ransom notes are named:
_HOW_TO_DECRYPT_MY_FILES__.txt
READ_ME_FOR_DECRYPT__.txt
The full text of the My Decryptor Ransomware's ransom notes reads:
'ALL Y0UR D0CUMENTS, PHOTOS, DATABASES AND OTHER IMP0RTANT FILES HAVE BEEN ENCRYPTED!
===
Your files are NOT damaged! Your files are modified only. This modification is reversible.
The only 1 way to decrypt your files is to receive the private key and decryption program.
Any attempts to restore your files with the third-party software will be fatal for your files!
===
To receive the private key and decryption program follow the instructions below:
1. Download "Tor Browser" from https://www.torproject.org/ and install it.
2. In the "Tor Browser" open your personal page here:
xxxx://27dh6y1kyr49yjhx8i3.yhicav6vkj427eox.onion/N3ii3Ne9010*****
Note! This page is available via "Tor Browser" only.
===
Also you can use temporary addresses on your personal page without using "Tor Browser":
xxxx://27dh6y1kyr49yjhx8i3.sayhere.party/N3ii3Ne9010*****
xxxx://27dh6y1kyr49yjhx8i3.goflag.webcam/N3ii3Ne9010*****
xxxx://27dh6y1kyr49yjhx8i3.keysmap.trade/N3ii3Ne9010*****
xxxx://27dh6y1kyr49yjhx8i3.segon.racing/N3ii3Ne9010*****
Note! These are temporary addresses! They will be available for a limited amount of time!'
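A triage scan for the two indicators this page names, the ransom note file names and the seven-character extension appended to targeted file types; this is an added example, not code from the original page. The character class for the appended extension, the shortened extension list and the sample file names are assumptions made for the demo.

```python
import os
import re
import tempfile

# Ransom note file names as given on this page (compared case-insensitively).
NOTE_NAMES = {n.lower() for n in ("_HOW_TO_DECRYPT_MY_FILES__.txt",
                                  "READ_ME_FOR_DECRYPT__.txt")}
# Subset of the targeted extensions listed on this page, shortened for the example.
TARGETED = (".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png",
            ".sql", ".txt", ".zip", ".tar.gz")
# Assumption: the seven appended characters are ASCII letters or digits.
APPENDED = re.compile(r"^(?P<orig>.+)\.(?P<tag>[A-Za-z0-9]{7})$")

def classify(filename):
    """Return 'note', the appended seven-character tag, or None."""
    if filename.lower() in NOTE_NAMES:
        return "note"
    m = APPENDED.match(filename)
    if m and m.group("orig").lower().endswith(TARGETED):
        return m.group("tag")
    return None

def scan(root):
    """Walk root and return (ransom note paths, {tag: [renamed file paths]})."""
    notes, tagged = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            path = os.path.join(dirpath, name)
            if kind == "note":
                notes.append(path)
            elif kind:
                # Benign names like "x.pdf.torrent" match too; triage by count per tag.
                tagged.setdefault(kind, []).append(path)
    return notes, tagged

def build_sample(root):
    """Constructed sample tree of empty files; names are made up for the demo."""
    for name in ("report.docx.a1b2c3d", "photo.jpg.a1b2c3d", "budget.xlsx",
                 "archive.tar.gz.a1b2c3d", "notes.txt", "READ_ME_FOR_DECRYPT__.txt"):
        open(os.path.join(root, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        build_sample(sample)
        found_notes, found_tagged = scan(sample)
        print("ransom notes:", [os.path.basename(p) for p in found_notes])
        for tag, paths in found_tagged.items():
            print(f".{tag}: {len(paths)} file(s)")
```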
Dealing with a My Decryptor Ransomware Infection
PC security researchers strongly advise computer users not to pay the My Decryptor Ransomware ransom or follow the instructions in its ransom note. Instead, users need to take precautions to ensure that their data can be restored after an attack like the My Decryptor Ransomware. This is especially important because the files encrypted in these attacks can almost never be restored without the decryption key. Therefore, the best protection against threats like the My Decryptor Ransomware is to have file backups. Having backup copies of files in the cloud or other secure places means that victims of a My Decryptor Ransomware attack can restore their files quickly without having to deal with the untrustworthy people responsible for these attacks.