My Decryptor Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 20 % (Normal)
Infected Computers: 4
First Seen: October 17, 2017
Last Seen: January 10, 2019
OS(es) Affected: Windows

The My Decryptor Ransomware is an encryption ransomware Trojan. These Trojans are designed to take the victims' files hostage in order to demand a ransom payment. The My Decryptor Ransomware was first observed on October 14, 2017, and seems to carry out a generic encryption ransomware attack, nearly identical to most other similar threats. The My Decryptor Ransomware is delivered to victims as spam email attachments, generally Microsoft Word files with malicious macro scripts that download and install the My Decryptor Ransomware onto the victim's computer.

How the My Decryptor Ransomware Carries out Its Attack

The main purpose of the My Decryptor Ransomware is to use a strong encryption method to make the victim's files inaccessible. The victim is then asked to pay a ransom of 0.2 BitCoin (close to USD 1150 at the current exchange rate) to receive the decryption key needed to restore the affected files. In its attack, the My Decryptor Ransomware targets user-generated files while avoiding native Windows system files. This takes the victim's data hostage while keeping the operating system functional, so that the victim is still able to read the payment instructions. The My Decryptor Ransomware marks the files it encrypts by adding a new file extension made up of seven random characters to the end of each affected file's name. The following are examples of the file extensions that the My Decryptor Ransomware and similar ransomware Trojans target in their attacks:

.aif, .apk, .arj, .asp, .bat, .bin, .cab, .cda, .cer, .cfg, .cfm, .cpl, .css, .csv, .cur, .dat, .deb, .dmg, .dmp, .doc, .docx, .drv, .gif, .htm, .html, .icns, .iso, .jar, .jpeg, .jpg, .jsp, .log, .mid, .mp3, .mp4, .mpa, .odp, .ods, .odt, .ogg, .part, .pdf, .php, .pkg, .png, .ppt, .pptx, .psd, .rar, .rpm, .rss, .rtf, .sql, .svg, .tar.gz, .tex, .tif, .tiff, .toast, .txt, .vcd, .wav, .wks, .wma, .wpd, .wpl, .wps, .wsf, .xlr, .xls, .xlsx, .zip.

The My Decryptor Ransomware’s Ransom Demand

The My Decryptor Ransomware delivers the ransom note to the victim in the form of two text files dropped on the infected computer's desktop after encrypting the victim's files. The My Decryptor Ransomware's ransom notes are named:

_HOW_TO_DECRYPT_MY_FILES__.txt
READ_ME_FOR_DECRYPT__.txt

The full text of the My Decryptor Ransomware's ransom notes reads:

'ALL Y0UR D0CUMENTS, PHOTOS, DATABASES AND OTHER IMP0RTANT FILES HAVE BEEN ENCRYPTED!
===
Your files are NOT damaged! Your files are modified only. This modification is reversible.
The only 1 way to decrypt your files is to receive the private key and decryption program.
Any attempts to restore your files with the third-party software will be fatal for your files!
===
To receive the private key and decryption program follow the instructions below:
1. Download "Tor Browser" from https://www.torproject.org/ and install it.
2. In the "Tor Browser" open your personal page here:
xxxx://27dh6y1kyr49yjhx8i3.yhicav6vkj427eox.onion/N3ii3Ne9010*****
Note! This page is available via "Tor Browser" only.
===
Also you can use temporary addresses on your personal page without using "Tor Browser":
xxxx://27dh6y1kyr49yjhx8i3.sayhere.party/N3ii3Ne9010*****
xxxx://27dh6y1kyr49yjhx8i3.goflag.webcam/N3ii3Ne9010*****
xxxx://27dh6y1kyr49yjhx8i3.keysmap.trade/N3ii3Ne9010*****
xxxx://27dh6y1kyr49yjhx8i3.segon.racing/N3ii3Ne9010*****
Note! These are temporary addresses! They will be available for a limited amount of time!'

Dealing with a My Decryptor Ransomware Infection

PC security researchers strongly advise computer users not to pay the My Decryptor Ransomware ransom or follow the instructions in the My Decryptor Ransomware's ransom note. Instead, users should take precautions to ensure that their data can be restored after an attack like the My Decryptor Ransomware. This is especially important because the files encrypted in these attacks can almost never be restored without the decryption key. Therefore, the best protection against threats like the My Decryptor Ransomware is to have file backups. Having backup copies of files in the cloud or other secure places means that victims of a My Decryptor Ransomware attack can restore their files quickly without having to deal with the untrustworthy people responsible for these attacks.
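
The indicators described above (the two ransom note file names and the seven-character extension appended to each encrypted file) can be checked for on a file share or backup set before restoring from it. The following triage script is an added example, not part of the original article or any vendor tool. It assumes the seven characters are ASCII letters or digits and that one infection reuses the same appended extension on many files, neither of which the article states; the function names and the min_hits threshold are hypothetical.

```python
import os
import re

# Ransom note file names exactly as listed on this page.
RANSOM_NOTES = {"_HOW_TO_DECRYPT_MY_FILES__.txt", "READ_ME_FOR_DECRYPT__.txt"}

# A subset of the targeted extensions listed on this page.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".jpg",
            ".jpeg", ".png", ".txt", ".csv", ".sql", ".zip", ".rar", ".psd"}

# Assumption: the seven "random characters" are ASCII letters or digits.
APPENDED = re.compile(r"^(?P<orig>.+)\.(?P<suffix>[A-Za-z0-9]{7})$")


def classify(filename):
    """Return 'note', the appended 7-character suffix, or None for one name."""
    if filename in RANSOM_NOTES:
        return "note"
    m = APPENDED.match(filename)
    if m and os.path.splitext(m.group("orig"))[1].lower() in TARGETED:
        return m.group("suffix")
    return None


def scan(root, min_hits=3):
    """Walk root; report ransom notes and suffixes seen on >= min_hits files."""
    notes, by_suffix = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            verdict = classify(name)
            path = os.path.join(dirpath, name)
            if verdict == "note":
                notes.append(path)
            elif verdict:
                by_suffix.setdefault(verdict, []).append(path)
    # Assumption: an infection repeats one suffix across many files, so rare
    # suffixes (e.g. a lone "report.pdf.partial") are dropped as likely benign.
    # Pass min_hits=1 to see every match.
    suspects = {s: p for s, p in by_suffix.items() if len(p) >= min_hits}
    return {"notes": sorted(notes), "suspects": suspects}


if __name__ == "__main__":
    import sys
    result = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in result["notes"]:
        print("ransom note:", path)
    for suffix, paths in result["suspects"].items():
        print(f"{len(paths)} files carry appended extension .{suffix}")
```

A hit is a reason to isolate the host or share and check backups, not proof of infection; a clean result does not rule out a variant that uses different note names.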
