
'' Ransomware

The public tends to see malware creators as highly skilled individuals with dark powers, almost like modern-day black magicians. While some certainly fit this description, most individuals who operate malware threats are nothing like this. More often than not, cyber crooks borrow code from one another and alter it ever so slightly to fit their preferences and needs. This is the case with today's ransomware threat – the '' Ransomware.

Propagation and Encryption

Once researchers spotted the '' Ransomware and looked into it, it became evident that this threat is a variant of the Omerta Ransomware. The propagation methods applied in the spreading of the '' Ransomware may vary – from mass spam email campaigns with messages that contain macro-laced attachments to fake pirated copies of popular applications, which carry the threat. A brief scan will be performed as soon as the '' Ransomware compromises the host. This will help the threat locate the files of interest. Next, the '' Ransomware will start locking all the files it targets. Upon encrypting a file, the '' Ransomware will alter its name by appending a '.[].omerta' extension at the end of the filename. For example, an audio file called 'dark-sun.mp3' will be renamed to 'dark-sun.mp3.[].omerta'.

The Ransom Note

In the next step, a ransom note called 'READ THIS IF YOU WANT TO GET ALL YOUR FILES BACK.TXT' will be dropped on the victim's desktop. In the note, the attackers claim that the ransom fee will be determined depending on how quickly you get in touch with them. The operators of the '' Ransomware demand to be contacted via email and provide an email address – ''.
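
The two host artifacts described above, the '.[].omerta' rename pattern and the ransom note filename, can be checked for with a short triage script. This is an added example and not part of the original article; the function names and the sample directory tree are constructed, and because the text between the brackets is missing from the page, the pattern accepts any bracket content.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators taken from the page. The text between the brackets is elided
# there, so the pattern accepts any bracket content, including none.
RENAMED = re.compile(r"^(?P<original>.+)\.\[(?P<tag>[^\]]*)\]\.omerta$", re.IGNORECASE)
NOTE_NAME = "READ THIS IF YOU WANT TO GET ALL YOUR FILES BACK.TXT"


def triage(root):
    """Walk root and report renamed files, ransom notes and affected dirs."""
    renamed, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            m = RENAMED.match(name)
            if m:
                # Keep the pre-encryption name so backups can be matched up.
                renamed.append((full, m.group("original"), m.group("tag")))
                per_dir[dirpath] += 1
            elif name.upper() == NOTE_NAME:
                notes.append(full)
    return {"renamed": renamed, "notes": notes, "per_dir": per_dir}


def build_sample(root):
    """Constructed sample tree (empty files) for demonstration only."""
    layout = {
        "Music": ["dark-sun.mp3.[].omerta", "intact.mp3"],
        "Docs": ["report.docx.[placeholder-tag].omerta", "notes.omerta.txt"],
        "Desktop": [NOTE_NAME],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        result = triage(root)
        result["originals"] = sorted(o for _p, o, _t in result["renamed"])
        return result


if __name__ == "__main__":
    print(demo()["originals"])
```

The per-directory counts show where encryption reached, which helps scope which shares or profiles need restoring from backup.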

It is always a good decision to stay away from cybercriminals. Nothing good will come out of attempting to reason or negotiate with them. It is best to look into obtaining a legitimate anti-spyware solution, which will remove the '' Ransomware from your computer and keep it safe going forward.

