PC security analysts observed the Panama1@tutamail.com Ransomware, an encryption ransomware Trojan, on June 11, 2018. The Panama1@tutamail.com Ransomware seems to have been developed independently and does not seem to be based on open source code or to be part of a Ransomware as a Service (RaaS) platform. Like most ransomware Trojans currently active, the Panama1@tutamail.com Ransomware is distributed to victims via spam email messages containing a document attachment that uses corrupted embedded macro scripts to download and install the Panama1@tutamail.com Ransomware onto the victim's computer. Like most ransomware Trojans, it takes the victim's files hostage by encrypting them with a robust encryption algorithm and then demands a ransom in exchange for the software needed to recover the affected files.
The Panama1@tutamail.com Ransomware Infection Process
Once installed, the Panama1@tutamail.com Ransomware scans the victim's computer for files that match certain file extensions. The Panama1@tutamail.com Ransomware will create a list of the targeted files and generate encryption and decryption keys, which will be stored on its Command and Control server after the encryption process is complete. This makes it impossible for PC security researchers to obtain them. The Panama1@tutamail.com Ransomware also eliminates other possible file recovery options as part of its attack. For example, the Panama1@tutamail.com Ransomware will delete the Windows System Restore points and the Shadow Volume Copies of the victim's files. Some of the files that threats like the Panama1@tutamail.com Ransomware will target in their attacks include:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
When the Panama1@tutamail.com Ransomware encrypts the files, they will be easily recognizable because the Panama1@tutamail.com Ransomware will add the string '!@#$%___________%$#@.mail' to their names, so Windows no longer recognizes them. The encrypted files will show up as blank icons in Windows Explorer. They also will no longer be accessible, and may even be lost permanently, since current technology does not allow for their decryption without the decryption key. The Panama1@tutamail.com Ransomware delivers its ransom note in the form of a text file that is dropped onto the victim's desktop. This file is named 'DECRYPT FILES.txt'; it threatens the victims and tells them to email the criminals to receive the decryption software.
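The two indicators described above (the string added to file names and the ransom note's file name) are enough to scope an infection during triage. The following Python sketch is an added example, not code from the original article: it walks a directory tree, lists files carrying the marker together with their original names, and locates ransom notes. It assumes the marker is appended to the end of the original file name; the function names `triage` and `build_sample_tree` are hypothetical, and the sample files are constructed.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators quoted from the article above.
MARKER = "!@#$%___________%$#@.mail"
RANSOM_NOTE = "DECRYPT FILES.txt"


def triage(root):
    """Walk root and report files carrying the marker and any ransom notes.

    Assumption: the marker is appended to the end of the original file name.
    """
    encrypted, notes = [], []
    by_ext = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(full)
            elif name.endswith(MARKER) and len(name) > len(MARKER):
                original = name[: -len(MARKER)]  # name before encryption
                encrypted.append((full, original))
                by_ext[Path(original).suffix.lower() or "(none)"] += 1
    return {"encrypted": encrypted, "notes": notes, "by_ext": by_ext}


def build_sample_tree(root):
    """Constructed sample data: empty files named as the article describes."""
    root = Path(root)
    (root / "Desktop").mkdir()
    (root / "Documents").mkdir()
    for rel in ("Desktop/" + RANSOM_NOTE,
                "Documents/report.docx" + MARKER,
                "Documents/budget.xlsx" + MARKER,
                "Documents/untouched.log"):
        (root / rel).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for path, original in result["encrypted"]:
            print(f"encrypted: {path.parent} -> original name {original}")
        for note in result["notes"]:
            print(f"ransom note: {note}")
        print(dict(result["by_ext"]))
```

The per-extension counts and recovered original names give a checklist of what to restore from backup.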
Dealing with the Panama1@tutamail.com Ransomware Infection
PC security researchers do not endorse computer users contacting the criminals responsible for the Panama1@tutamail.com Ransomware attack. Instead, computer users should restore their files from a backup copy. Having backups of their files stored securely is the best protection against threats like the Panama1@tutamail.com Ransomware. Also, a fully up-to-date security program that is capable of dealing with ransomware threats can prevent intrusions and keep threats like the Panama1@tutamail.com Ransomware from being installed in the first place. Since one of the most used ways of delivering the Panama1@tutamail.com Ransomware to victims is via spam email attachments, learning to recognize spam email tactics and to handle potentially malicious email attachments is an essential part of preventing malware infections like the Panama1@tutamail.com Ransomware. A combination of file backups, security software, and common sense is the best protection against threats.