
Oktropys@protonmail.com Ransomware

By GoldSparrow in Ransomware

The Oktropys@protonmail.com Ransomware is an encryption ransomware Trojan that is a variant of Aurora, an encryption ransomware Trojan first observed in May 2018. The Oktropys@protonmail.com Ransomware was first observed in June 2018 and seems to be part of some attacks on small business networks and individual computer users. The Oktropys@protonmail.com Ransomware seems to be delivered to its victims through corrupted spam email messages, often in the form of suspicious email attachments containing embedded macro scripts that download and install the Oktropys@protonmail.com Ransomware onto the victim's computer. The Oktropys@protonmail.com Ransomware also has been observed being delivered by compromising unprotected Remote Desktop access points and open ports.

How the Oktropys@protonmail.com Ransomware Attacks Your Files

Once the Oktropys@protonmail.com Ransomware is installed on the victim's computer, it will scan the affected computer in search of files to encrypt in its attack. The Oktropys@protonmail.com Ransomware targets user-generated files, which may include numerous media files, databases and document types. The Oktropys@protonmail.com Ransomware and similar threats may focus on the following file types:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.

The Oktropys@protonmail.com Ransomware marks the files it compromises with the file extension '.aurora,' which it adds to the file's name. This is a clear reference to the Oktropys@protonmail.com Ransomware's precursor.

The Oktropys@protonmail.com Ransomware’s Ransom Note

The Oktropys@protonmail.com Ransomware encrypts the files and then delivers a ransom note. The Oktropys@protonmail.com Ransomware's ransom note takes the form of a text file named '!-GET_MY_FILES-!.txt.' The Oktropys@protonmail.com Ransomware's ransom note demands a payment of 50 USD in Bitcoin (0.0085 BTC at the current exchange rate). The following is the full ransom message that has been linked to the Oktropys@protonmail.com Ransomware attack:

'SORRY! Your files are encrypted.
File contents are encrypted with random key.
We STRONGLY RECOMMEND you NOT to use any "decryption tools".
These tools can damage your data, making recover IMPOSSIBLE.
Also we recommend you not to contact data recovery companies.
They will just contact us, buy the key and sell it to you at a higher price.
If you want to decrypt your files, you have to get RSA private key.
In order to get private key, write here:
oktropys@protonmail.com
And send me your id, your id:
-[random characters]
And pay 50$ on 1DVrBzv6hb1D217NNqbjaForF3eG3HXc7a wallet
If someone else offers you files restoring, ask him for test decryption.
Only we can successfully decrypt your files; knowing this can protect you from fraud.
You will receive instructions of what to do next.'

Our PC security researchers have not observed any payments delivered to the Bitcoin wallet address used by the Oktropys@protonmail.com Ransomware.
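As an added triage example (not code from the write-up or its researchers), the following Python script walks a mounted evidence tree and reports the two indicators described above: files carrying the '.aurora' marker and copies of the '!-GET_MY_FILES-!.txt' ransom note. The evidence mount point, the sample paths and the subset of targeted extensions are constructed for illustration.

```python
import os
from collections import Counter

# Indicators taken from the write-up above.
ENCRYPTED_SUFFIX = ".aurora"
RANSOM_NOTE = "!-GET_MY_FILES-!.txt"
# Subset of the extensions listed above as targeted; extend from that list as needed.
TARGETED_EXTS = {".doc", ".docx", ".xlsx", ".pdf", ".jpg", ".sql", ".db", ".zip", ".txt"}

def classify_path(path):
    """Return ('encrypted', original_ext), ('note', None) or (None, None) for one path."""
    name = os.path.basename(path)
    if name == RANSOM_NOTE:
        return "note", None
    if name.lower().endswith(ENCRYPTED_SUFFIX):
        original = name[: -len(ENCRYPTED_SUFFIX)]  # strip the appended marker
        return "encrypted", os.path.splitext(original)[1].lower()
    return None, None

def triage(paths):
    """Summarise indicators over an iterable of file paths.

    Returns the number of '.aurora' files, a Counter of the original extensions
    they carried, how many of those extensions are on the targeted list, and
    the set of directories that received a ransom note.
    """
    summary = {"encrypted": 0, "by_ext": Counter(), "targeted": 0, "note_dirs": set()}
    for path in paths:
        kind, ext = classify_path(path)
        if kind == "encrypted":
            summary["encrypted"] += 1
            summary["by_ext"][ext] += 1
            if ext in TARGETED_EXTS:
                summary["targeted"] += 1
        elif kind == "note":
            summary["note_dirs"].add(os.path.dirname(path))
    return summary

def walk_tree(root):
    """Yield every file path under root, e.g. a disk image mounted read-only."""
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            yield os.path.join(dirpath, fn)

# Constructed sample listing (hypothetical evidence mount), not from a real infection.
SAMPLE_PATHS = [
    "/mnt/evidence/Users/alice/Documents/report.docx.aurora",
    "/mnt/evidence/Users/alice/Documents/!-GET_MY_FILES-!.txt",
    "/mnt/evidence/Users/alice/Pictures/holiday.jpg.aurora",
    "/mnt/evidence/Users/alice/Pictures/!-GET_MY_FILES-!.txt",
    "/mnt/evidence/Users/alice/Desktop/notes.txt",
    "/mnt/evidence/inetpub/db/customers.sql.aurora",
    "/mnt/evidence/Program Files/app/app.exe",
]

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS))  # swap in triage(walk_tree("/mnt/evidence")) on a real mount
```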

Recovering from an Oktropys@protonmail.com Ransomware Attack

Unfortunately, when the Oktropys@protonmail.com Ransomware damages a file, it cannot be recovered without the decryption key. Computer users should back up their data to ensure that it can be restored after an attack. File backups stored on external devices or locations are very effective in counteracting these attacks. It is also crucial to have a security program that is fully up-to-date, which can help computer users prevent the Oktropys@protonmail.com Ransomware from being installed and remove the Oktropys@protonmail.com Ransomware infection itself after an attack.
