'.obfuscated File Extension' Ransomware

The '.obfuscated File Extension' Ransomware is an encryption ransomware Trojan that was first observed on January 15, 2019. The '.obfuscated File Extension' Ransomware is commonly spread through fake updates for Adobe Flash and spam email attachments. The '.obfuscated File Extension' Ransomware carries out an attack that involves enciphering the victim's files to take them captive and then demanding a ransom payment from the victim.

How the '.obfuscated File Extension' Ransomware Attacks a Computer

The '.obfuscated File Extension' Ransomware targets the user-generated files in its attack, encrypting them with a strong encryption algorithm. The '.obfuscated File Extension' Ransomware will target many file types, which include media files, documents and databases. The files that will become corrupted in the event of an '.obfuscated File Extension' Ransomware infection include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '.obfuscated File Extension' Ransomware drops a ransom note on the infected computer. This ransom note takes the form of a text file named 'Read Me.tx,' which contains the following ransom demand message:

'Hello, dear friend!
=================================================
1-[All your files have been ENCRYPTED!]
Your files are NOT damaged! Your files are modified only.
The only way to decrypt your files is to receive the decryption program.
your files can not be decrypted without the special program we made it for your computer.
=================================================
2-[ HOW TO RETURN FILES? ]
To receive the decryption program Write to our email "BigBobRoss@computer4u.com"
and tell us your unique ID
=================================================
3-[ FREE DECRYPTION! ]
Free decryption as guarantee.
We guarantee the receipt of the decryption program after payment.
To believe, you can give us 1 file that must be less than 1MB and we decrypt it for free.
File should not be important to you! databases, backups, large excel sheets, etc.
=================================================
4-[ Instruction ]
the easiest way to buy bitcoins is LocalBitcoins site. you have to register, click "buy bitcoins"
and select the seller by payment method and price.
h[tt]ps://localbitcoins[.]com/buy_bitcoins
=================================================
CAUTION!
please do not change the name of files or file extension if your files are important to you!
Your unique ID : [hexadecimal string]'

Protecting Your Data from the '.obfuscated File Extension' Ransomware

Unfortunately, once the '.obfuscated File Extension' Ransomware has encrypted the files, they will no longer be recoverable. Because of this, the best protection against threats like the '.obfuscated File Extension' Ransomware is to have backup copies of your files stored on the cloud or on an external memory device. This way, when the '.obfuscated File Extension' Ransomware encrypts a file, it can be replaced with the backup copy after the threat itself is removed with the help of a security program.