
'pain@onefinedstay.com' Ransomware

By GoldSparrow in Ransomware

Security researchers have uncovered a brand-new data-locking Trojan dubbed 'pain@onefinedstay.com' Ransomware. Upon looking further into this newly spotted Trojan, experts found that it is a variant of the infamous Dharma Ransomware – one of the most active ransomware families in the world.

Propagation and Encryption

Threats like the 'pain@onefinedstay.com' Ransomware are known to target a very wide variety of filetypes, because the more files a data-locker encrypts, the more likely the victim is to pay the ransom fee demanded by the attackers. If you fall victim to the 'pain@onefinedstay.com' Ransomware, this Trojan will encrypt all your documents, images, audio files, videos, spreadsheets, presentations, databases, archives and other data present on your system. When the 'pain@onefinedstay.com' Ransomware encrypts a file, it marks it by appending a '.id-<VICTIM ID>.[pain@onefinedstay.com].java' extension to its name. This means that a file that you have named 'honey-lips.mp3' will be renamed to 'honey-lips.mp3.id-<VICTIM ID>.[pain@onefinedstay.com].java' after the encryption process is completed. Every victim receives a unique victim ID, which helps the attackers differentiate between the compromised hosts.

The 'pain@onefinedstay.com' Ransomware may be distributed via fake emails, which would contain either a corrupted link or a bogus attachment. Other commonly used infection vectors are torrent trackers, corrupted advertisements, fraudulent social media profiles, fake application updates/downloads, etc.

The Ransom Note

Next, the 'pain@onefinedstay.com' Ransomware drops a ransom note on the breached host. The files containing the ransom message are named 'FILES ENCRYPTED.txt' and 'info.hta'. The ransom message is very short and does not contain a lot of useful information. The attackers demand to be paid in Bitcoin but do not clarify the ransom fee. According to the ransom demand, the authors of the 'pain@onefinedstay.com' Ransomware are willing to unlock up to five files free of charge, provided that they do not contain important information and do not exceed 10Mb in total size. There is one email address provided – 'pain@onefinedstay.com'.
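For incident triage, the rename marker and the ransom note file names described above are enough to inventory which files on a host were affected. The following Python script is an added example, not part of the original article; its function names, the sample file names and the `EXAMPLEID` victim ID are constructed, and it assumes the victim ID contains no dots, since the article does not give the ID format.

```python
import os
import re
import tempfile
from collections import defaultdict

# Marker from the article: <name>.id-<VICTIM ID>.[pain@onefinedstay.com].java
# Assumption: the victim ID contains no dots (the article gives no format).
MARKER = re.compile(r"^(?P<original>.+)\.id-(?P<victim_id>[^.]+)"
                    r"\.\[pain@onefinedstay\.com\]\.java$", re.IGNORECASE)
NOTE_NAMES = {"files encrypted.txt", "info.hta"}  # note names from the article


def parse_name(filename):
    """Return (original_name, victim_id) if the marker is present, else None."""
    m = MARKER.match(filename)
    return (m.group("original"), m.group("victim_id")) if m else None


def triage(root):
    """Walk root; list marked files per victim ID and ransom note paths."""
    report = {"encrypted": defaultdict(list), "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            parsed = parse_name(name)
            if parsed:
                report["encrypted"][parsed[1]].append((full, parsed[0]))
            elif name.lower() in NOTE_NAMES:
                report["notes"].append(full)
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files, made-up names, made-up ID."""
    for rel in (
        "honey-lips.mp3.id-EXAMPLEID.[pain@onefinedstay.com].java",
        "docs/report.v2.xlsx.id-EXAMPLEID.[pain@onefinedstay.com].java",
        "Main.java",  # ordinary Java source must not match
        "FILES ENCRYPTED.txt",
    ):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

More than one victim ID in the report means files from more than one infected host are present under the scanned path, for example on a shared drive.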

We would advise you to keep your distance from cybercriminals. Even if you pay up, there is a high chance that you will be left empty-handed. This is why it is best to eradicate the 'pain@onefinedstay.com' Ransomware from your computer via a trustworthy anti-malware suite.
