OoPS Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 1,935
Threat Level: 80 % (High)
Infected Computers: 13,129
First Seen: June 5, 2017
Last Seen: September 21, 2023
OS(es) Affected: Windows

The OoPS Ransomware is an encryption ransomware Trojan that is used to extort computer users. It may be delivered to victims as an attachment in spam email campaigns. The OoPS Ransomware is part of a large family of ransomware, and earlier variants have already been detected. Some variants encrypt individual files, while others place the victim's files into a password-protected archive. In both cases, the file extension used to identify the encrypted content is '.oops,' which is appended to the end of the files' names; this is where the OoPS Ransomware gets its name. Once the files have been encrypted in an OoPS Ransomware attack, it can be nearly impossible to restore them if no backup copies are available.

Uncovering the Files Targeted by the OoPS Ransomware

Malware researchers are currently studying the OoPS Ransomware, which was first observed in early June of 2017. The OoPS Ransomware uses an attack pattern typical of these threats, encrypting the victim's files with AES encryption. As part of its attack, the OoPS Ransomware will scan the victim's computer for files with the following file extensions:

.mid, .wma, .flv, .mkv, .mov, .avi, .asf, .mpeg, .vob, .mpg, .wmv, .fla, .swf, .wav, .mp3, .qcow2, .vdi, .vmdk, .vmx, .gpg, .aes, .ARC, .PAQ, .tar, .bz2, .tbk, .bak, .tar, .t z, .rar, .zip, .djv, .djvu, .svg, .bmp, .png, .gif, .raw, .com, .jpeg, .jpg, .tif, .tiff, .NEF, .psd, .cmd, .bat, .class, .jar, .java, .asp, .aspx, .brd, .sch, .dch, .dip, .vbs, .asm, .pas, .cpp, .php, .ldf, .mdf, .ibd, .MYI, .MYD, .frm, .odb, .dbf, .mdb, .sql, .SQLITEDB, .SQLITE3, .asc, .lay6, .lay, .ms11, .sldm, .sldx, .ppsm, .ppsx, .ppam, .docb, .mml, .sxm, .otg, .odg, .uop, .potx, .potm, .pptx, .pptm, .std, .sxd, .pot, .pps, .sti, .sxi, .otp, .odp, .wks, .xltx, .xltm, .xlsx, .xlsm, .xlsb, .slk, .xlw, .xlt, .xlm, .xlc, .dif, .stc, .sxc, .ots, .ods, .hwp, .dotm, .dotx, .docm, .docx, .DOT, .max, .xml, .txt, .csv, .not, .RTF, .pdf, .XLS, .PPT, .stw, .sxw, .Ott, .odt, .DOC, .pem, .csr, .crt, .key, .dat.

After making a list of the files available for encryption on the victim's computer, the OoPS Ransomware will use its encryption engine to make the files inaccessible and add the file extension '.oops' to the compromised files. The OoPS Ransomware will drop an HTML file named '_HELP_Recover_Files_.html' on the infected computer. This HTML file contains the OoPS Ransomware's ransom note, which includes the following text:

!!! IMPORTANT INFORMATION !!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about RSA and AES can be found here:
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Decrypting of your files is only possible with private key and decrypt program, which is on our secret server.
To receive your private key you need to make payment to us.
After you make payment run program called ‘DecryptFiles' that is located on your Desktop and your Documents.
Program will automatically decrypt all of your files!
If you try to decrypt files with another software your files can be forever lost.
How to buy decrypter?
1. You can make a payment with BitCoins, there are many methods to get them.
2. You should register BitCoin Wallet
3. Purchase Bitcoins – Althought it is not very easy to buy bitcoins, it is getting simpler every day.
Here are our recommendations:
Localbitcoins.com (WU) – Buy Bitcoins with Western Union
Coincafe.com – Recommended for fast, simple service.
Localbitcoins.com Service allows you to search for people in your community willing to sell bitcoins to you directly.
CEX.IO – Buy Bitcoins with VISA/MASTERCARD or Wire Transfer
btcdirect.eu – THE BEST FOR EUROPE
4. Send 0.2 BTC to Bitcoin address:
5. After you make payment, run program called ‘DecryptFiles'that is located on your Desktop and your Documents.
Program will automatically decrypt all of your files!'

Dealing with the OoPS Ransomware

PC security analysts advise against paying the OoPS Ransomware's ransom of 0.2 BitCoin. Instead, computer users should take preventive measures to limit the potential damage of an OoPS Ransomware infection. Having file backups and a reliable, fully up-to-date security program will be enough to protect your data from the OoPS Ransomware and similar threats entirely.
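The two on-disk indicators described above, the '.oops' suffix and the '_HELP_Recover_Files_.html' note, can be used to scope how far an infection reached before restoring from backup. The following Python triage script is an added example, not part of the original write-up or any vendor tool; the function names are hypothetical, the sample tree is constructed, and it assumes the marker is appended after the original extension (for example 'report.docx.oops').

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the write-up above (compared case-insensitively).
ENCRYPTED_SUFFIX = ".oops"
RANSOM_NOTE = "_help_recover_files_.html"


def triage(root):
    """Walk root and report OoPS indicators: dropped notes and renamed files."""
    notes, encrypted, original_exts = [], [], Counter()
    # Unreadable directories are skipped rather than aborting the sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX) and lower != ENCRYPTED_SUFFIX:
                encrypted.append(path)
                # Assumption: the marker follows the original extension, so
                # the inner suffix shows which file types were hit.
                inner = Path(name[: -len(ENCRYPTED_SUFFIX)]).suffix.lower()
                original_exts[inner or "(none)"] += 1
    return {"notes": notes, "encrypted": encrypted, "original_exts": original_exts}


def make_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    root = Path(root)
    (root / "Documents").mkdir()
    (root / "Pictures").mkdir()
    for rel in ("Documents/report.docx.oops", "Documents/budget.XLSX.OOPS",
                "Documents/_HELP_Recover_Files_.html", "Documents/notes.txt",
                "Pictures/cat.jpg.oops", "Pictures/oops.png"):
        (root / rel).touch()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(make_sample_tree(tmp))
        print(len(result["encrypted"]), "renamed files,",
              len(result["notes"]), "ransom notes")
        for ext, count in result["original_exts"].most_common():
            print(f"  {ext}: {count}")
```

Directories that contain a ransom note but no renamed files are worth a closer look, since the write-up notes that some variants pack files into a password-protected archive instead of encrypting them individually.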
