OoPS Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Ranking: | 1,935 |
Threat Level: | 80 % (High) |
Infected Computers: | 13,129 |
First Seen: | June 5, 2017 |
Last Seen: | September 21, 2023 |
OS(es) Affected: | Windows |
The OoPS Ransomware is an encryption ransomware Trojan that is used to extort computer users. The OoPS Ransomware may be delivered to its victims as an attachment contained in spam email campaigns. The OoPS Ransomware is part of a large family of ransomware, with previous variants having been detected previously. The OoPS Ransomware has variants that will encrypt individual files, while other variants will place the victim's files into a password-protected archive. In both cases, the file extension used to identify the encrypted content is '.oops,' which is included to the end of the files' names. This is why the OoPS Ransomware is referred to with this name. Regretfully, as soon as the files have been encrypted in the OoPS Ransomware attack it can be nearly impossible to restore the affected files if there are no backup copies available.
Uncovering the Files Targeted by the OoPS Ransomware
The OoPS Ransomware is being studied by malware researchers currently and was first observed in early June of 2017. The OoPS Ransomware uses an attack pattern typical of these threats, encrypting the victim's files using the AES encryption. As part of its attack, the OoPS Ransomware will scan the victim's computer for files with the following file extensions:
.mid, .wma, .flv, .mkv, .mov, .avi, .asf, .m peg, .vob, .mpg, .wmv, .fla, .swf, .wav, .mp3, .qcow2, .vdi, .vmdk, .vmx, .gpg, .aes, .ARC, .PAQ, .tar, .bz2, .tbk, .bak, .tar, .t z, .rar, .zip, .djv, .djvu, .svg, .bmp, .png, .gif, .raw, .com, .jpeg, .jpg, .tif, .tiff, .NEF, .psd, .cmd, .bat, .class, .jar, .java, .asp, .aspx, .brd, .sch, .dch, .dip, .vbs, .asm, .pas, .cpp, .php, .ldf, .mdf, .ibd, .MYI, .MYD, .frm, .odb, .dbf, .mdb, .sql, .SQLITEDB, .SQLITE3, .asc, .lay6, .lay, .ms11, .sldm, .sldx, .ppsm, .ppsx, .ppam, .docb, .mml, .sxm, .otg, .odg, .uop, .potx, .potm, .pptx, .pptm, .std, .sxd, .pot, .pps, .sti, .sxi, .otp, .odp, .wks, .xltx, .xltm, .xlsx, .xlsm, .xlsb, .slk, .xlw, .xlt, .xlm, .xlc, .dif, .stc, .sxc, .ots, .ods, .hwp, .dotm, .dotx, .docm, .docx, .DOT, .max, .xml, .txt, .csv, .not, .RTF, .pdf, .XLS, .PPT, .stw, .sxw, .Ott, .odt, .DOC, .pem, .csr, .crt, .key, .dat.
After making a list of the files available for encryption on the victim's computer, the OoPS Ransomware will use its encryption engine to make the files inaccessible and add the file extension '.oops' to the compromised files. The OoPS Ransomware will drop an HTML file named '_HELP_Recover_Files_.html' on the infected computer. This HTML file contains the OoPS Ransomware's ransom note, which includes the following text:
!!! IMPORTANT INFORMATION !!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about RSA and AES can be found here:
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Decrypting of your files is only possible with private key and decrypt program, which is on our secret server.
To receive your private key you need to make payment to us.
After you make payment run program called ‘DecryptFiles' that is located on your Desktop and your Documents.
Program will automatically decrypt all of your files!
If you try to decrypt files with another software your files can be forever lost.
How to buy decrypter?
1. You can make a payment with BitCoins, there are many methods to get them.
2. You should register BitCoin Wallet
3. Purchase Bitcoins – Althought it is not very easy to buy bitcoins, it is getting simpler every day.
Here are our recommendations:
Localbitcoins.com (WU) – Buy Bitcoins with Western Union
Coincafe.com – Recommended for fast, simple service.
Localbitcoins.com Service allows you to search for people in your community willing to sell bitcoins to you directly.
CEX.IO – Buy Bitcoins with VISA/MASTERCARD or Wire Transfer
btcdirect.eu – THE BEST FOR EUROPE
4. Send 0.2 BTC to Bitcoin address:
5. After you make payment, run program called ‘DecryptFiles'that is located on your Desktop and your Documents.
Program will automatically decrypt all of your files!'
Dealing with the OoPS Ransomware
PC security analysts advise against paying the OoPS Ransomware's ransom of 0.2 BitCoin. Instead, computer users should take preventive measures to limit the potential damage of an OoPS Ransomware infection. Just having file backups and a reliable security program that is fully up-to- date will be enough to protect your data from the OoPS Ransomware and similar threat infections entirely.