'nautilus369alarm@gmail.com' Ransomware

By GoldSparrow in Ransomware

The 'nautilus369alarm@gmail.com' Ransomware is the third release of note in the line of the RotorCrypt (Roto) Ransomware. The 'nautilus369alarm@gmail.com' Ransomware was registered by malware researchers on August 21st, 2018 and may be dropped on computers via macro-enabled PDF and DOCX files attached to phishing emails. The 'nautilus369alarm@gmail.com' Ransomware was preceded by the 'patagonia92@tutanota.com' Ransomware and the 'blacknord@tutanota.com' Ransomware. This variant, which appeared a few months later, does not feature major changes, but it uses a new set of 'Command and Control' (C2) servers, a new file marker and a new email inbox for the victims.

The 'nautilus369alarm@gmail.com' Ransomware is reported to encode standard data containers associated with personal photos, audio, video, eBooks, PDFs, spreadsheets, presentations and text. A rather peculiar decision made by the 'nautilus369alarm@gmail.com' Ransomware team is that the Trojan appends a long string to the filenames of the encrypted objects. Researchers noticed that the 'nautilus369alarm@gmail.com' Ransomware adds '.!@#$_(decryp in the EMail)____nautilus369alarm@gmail.com____$#@..AlfaBlock' to filenames. For example, 'Wagner-The Ride of the Valkyries.aac' is renamed to 'Wagner-The Ride of the Valkyries.aac.!@#$_(decryp in the EMail)____nautilus369alarm@gmail.com____$#@..AlfaBlock'. The icons of the encrypted objects might be shown as blank sheets of paper in Windows Explorer. Unlike the 'sqqsdr01@keemail.me' Ransomware and the Scarab-Cybergod Ransomware, the 'nautilus369alarm@gmail.com' Ransomware Trojan does not leave a ransom note, and the users are supposed to contact the email address embedded in the custom file extension.
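Because no ransom note is dropped, the filename marker described above is the main on-disk indicator for scoping an incident. The Python sketch below is an added example, not part of the original entry or of any vendor tool: it recognises the marker, recovers the original filename and the contact address, and inventories affected files under a directory. The generalised email pattern, the function names and the sample files are assumptions constructed for this example.

```python
import os
import re
import tempfile

# Marker layout exactly as quoted in this entry. The email part is generalised
# (assumption) so that other addresses in the same layout would also match.
MARKER_RE = re.compile(
    r"^(?P<original>.+)\.!@#\$_\(decryp in the EMail\)____"
    r"(?P<email>[^\s@]+@[^\s@]+?)____\$#@\.\.AlfaBlock$"
)

def parse_marked_name(name):
    """Return (original_name, contact_email), or None if the marker is absent."""
    m = MARKER_RE.match(name)
    return (m.group("original"), m.group("email")) if m else None

def inventory(root):
    """Walk root and list marked files, for scoping and restore planning."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_marked_name(name)
            if parsed:
                hits.append({
                    "path": os.path.join(dirpath, name),
                    "original_name": parsed[0],
                    "contact": parsed[1],
                })
    return sorted(hits, key=lambda h: h["path"])

def demo():
    """Inventory a constructed directory tree (sample files are empty)."""
    suffix = (".!@#$_(decryp in the EMail)____"
              "nautilus369alarm@gmail.com____$#@..AlfaBlock")
    samples = (
        "Wagner-The Ride of the Valkyries.aac" + suffix,  # marked file
        "notes.txt",                                      # untouched file
        "report.AlfaBlock",                               # lookalike, no marker
    )
    with tempfile.TemporaryDirectory() as root:
        for name in samples:
            open(os.path.join(root, name), "w").close()
        return [(h["original_name"], h["contact"]) for h in inventory(root)]

if __name__ == "__main__":
    for original, contact in demo():
        print(f"{original} -> contact address in marker: {contact}")
```

The inventory only lists files; it does not rename or decrypt anything, so it is safe to run against a forensic copy before restoring from backup.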

Affected PC users are encouraged to use backup images, System Recovery disks and services like Google Backup and Sync to restore their data. The encryption utilized by the 'nautilus369alarm@gmail.com' Ransomware has not been cracked at the time of writing, and the best way to recover your files is to restore them from backups. You should clean the compromised devices using a credible anti-malware scanner. AV companies flag the objects related to the 'nautilus369alarm@gmail.com' Ransomware with the following names:

Gen:Variant.Ransom.RotorCrypt.2
Malware.HighConfidence
Ransom.FileCryptor!8.1A7 (CLOUD)
RansomRotorCrypt!74F68EDEC3C6
Trojan ( 0050f06c1 )
Trojan.Encoder.5342
Trojan.Win32.Filecoder.fgvrka
Trojan/Win32.Ransom.R230222
W32/RotoCrypt.C!tr
Win32.Trojan.Filecoder.Ajvq
a variant of Win32/Filecoder.RotoCrypt.C
