
Panda Ransomware

The Panda Ransomware is an encryption ransomware Trojan that was first observed on November 21, 2017. It appears to be one of the many variants of the Globe Imposter Ransomware, a large family of ransomware Trojans that has been responsible for various infections in 2017. There are two variants of the Panda Ransomware itself, each using a different file extension to mark the files it encrypts. The first variant marks infected files with the file extension '.PANDA'. The second marks encrypted files with the file extension '.Ipcrestore', added to the end of each file's name.

How the Panda Ransomware Attack Works

These infections make the victim's files inaccessible by encrypting them with a mix of the AES and RSA encryptions. Attacks like the Panda Ransomware target user-generated files and avoid the Windows system files and any other files whose loss would prevent the Panda Ransomware from displaying a ransom note or the victim from making the payment. The file types that may be targeted in these attacks include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

After the victim's files have been encrypted, the Panda Ransomware delivers a ransom note in the form of a text file dropped on the victim's computer, as well as a program window. The Panda Ransomware's ransom note may also be included in an HTML file named 'how_to_back_files.html', where the victim is instructed to email the cybercrooks at the email addresses '' and ''. When the victim contacts these people, they will respond by demanding a ransom payment of several hundred US dollars to be paid in Bitcoin (which allows for anonymous ransom payments).
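The indicators named in this entry (the '.PANDA' and '.Ipcrestore' extensions and the 'how_to_back_files.html' note) are enough to scope which folders were hit and which original file names to look for in backups. The Python sketch below is an added example, not part of the original entry; the function names and the sample folder layout are constructed, and it assumes the marker extension is appended after the file's original extension.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from this entry; matching is case-insensitive.
ENCRYPTED_EXTS = (".panda", ".ipcrestore")
RANSOM_NOTE = "how_to_back_files.html"


def scan_tree(root):
    """Walk root and group Panda indicators by directory.

    Returns {directory: {"encrypted": [(name, original_name)], "note": bool}}
    for every directory that holds at least one indicator.
    """
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                hits[dirpath]["note"] = True
                continue
            for ext in ENCRYPTED_EXTS:
                # Assumption: the marker is appended to the full name
                # (report.docx.PANDA), so stripping it gives the name
                # to look for in backups.
                if lower.endswith(ext) and len(name) > len(ext):
                    hits[dirpath]["encrypted"].append((name, name[:-len(ext)]))
                    break
    return dict(hits)


def build_sample_tree(root):
    """Constructed sample data: empty files named like an affected share."""
    layout = {
        "docs": ["report.docx.PANDA", "budget.xlsx.Ipcrestore",
                 "how_to_back_files.html", "untouched.txt"],
        "photos": ["holiday.jpg.panda"],
        "clean": ["notes.txt", "panda.png"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for d, info in sorted(scan_tree(tmp).items()):
            print(os.path.relpath(d, tmp), len(info["encrypted"]), info["note"])
```

The scan only reads file names, so it can be run against a mounted copy of an affected disk without touching file contents.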

Dealing with the Panda Ransomware and Protecting Your Data from these Attacks

As you can see, there are more than enough motives to take precautions against these attacks. A sure protection against these infections is to have file backups in safe locations. Having file backups allows computer users to restore their files after an attack without the need to contact the people responsible for the attack or attempt to negotiate a ransom payment. Apart from having file backups, computer users should use a reliable security program to prevent the Panda Ransomware from making its way into their computers in the first place. A combination of security software and file backups will provide the best protection against these threats. However, since one of the main transmission methods for these infections is the use of corrupted email attachments and embedded links delivered in spam email messages, computer users should also learn how to handle this unsafe content safely. Proper training in how to recognize spam email messages and known online tactics is one of the best ways to prevent the Panda Ransomware and other ransomware attacks, especially in corporate or government environments, which tend to be the preferred targets for these attacks since the potential ransom payout is higher than with individuals.
