
'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware is an encryption ransomware Trojan that is used to take the victims' files hostage. Like most ransomware Trojans of this type, the '' Ransomware encrypts the victim's files and then demands the payment of a ransom in exchange for the decryption key its victims need to restore the affected files. Threats like the '' Ransomware can be distributed in countless ways, including spam email messages and exploit kits on compromised websites.

Finally an Honest Ransomware Name!

The '' Ransomware attacks started being noticed in the second week of September 2018. According to reports, the '' Ransomware was being distributed through spam email messages containing corrupted PDF and DOCX files that use embedded macro scripts to download and install the '' Ransomware onto the victim's computer. The '' Ransomware seems to be based heavily on a preexisting ransomware Trojan family, the Dharma 2017 Ransomware. However, code from this family has been merged with elements of the Crysis family of ransomware Trojans.

How the '' Ransomware Carries Out Its Attack

The '' Ransomware uses a strong encryption utility to take the victim's data hostage, making the victim's files inaccessible. The '' Ransomware targets user-generated files, which may include files with the following file extensions:

.odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, .sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, .wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps.

The '' Ransomware marks the affected data by adding the file extension '.[].brrr' to the file's name. This file extension includes the contact email address associated with the criminals responsible for the '' Ransomware. The '' Ransomware also delivers a ransom note in the form of an HTA file named 'Info.hta', which contains a message demanding a ransom payment from the victim.
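As an added defender-side example (not code from the original page), the following Python checks a file listing for the two indicators described above: file names carrying the '.[<email>].brrr' marker and the 'Info.hta' ransom note. The sample listing and the email address in it are constructed placeholders, not values from the page.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Marker format described above: '<original name>.[<contact email>].brrr'.
# The email inside the brackets is captured so an analyst can pivot on it.
BRRR_SUFFIX = re.compile(
    r"^(?P<original>.+)\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.brrr$", re.IGNORECASE
)
RANSOM_NOTE = "info.hta"  # ransom note file name named on the page


def parse_marked_name(name: str):
    """Return (original_name, contact_email) if name carries the marker, else None."""
    m = BRRR_SUFFIX.match(name)
    if not m:
        return None
    return m.group("original"), m.group("email")


def scan_listing(paths):
    """Summarise ransomware indicators found in an iterable of file paths."""
    encrypted, notes = [], []
    emails, original_exts = Counter(), Counter()
    for p in paths:
        name = PureWindowsPath(p).name  # handles both '\' and '/' separators
        if name.lower() == RANSOM_NOTE:
            notes.append(p)
            continue
        parsed = parse_marked_name(name)
        if parsed:
            original, email = parsed
            encrypted.append(p)
            emails[email.lower()] += 1
            # Extension of the file before it was renamed, e.g. '.xlsx'
            original_exts[PureWindowsPath(original).suffix.lower() or "(none)"] += 1
    return {"encrypted": encrypted, "notes": notes,
            "emails": emails, "original_extensions": original_exts}


# Constructed sample listing; 'attacker@example.invalid' is a placeholder address.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.[attacker@example.invalid].brrr",
    r"C:\Users\alice\Documents\report.docx.[attacker@example.invalid].brrr",
    r"C:\Users\alice\Pictures\holiday.jpg.[attacker@example.invalid].brrr",
    r"C:\Users\alice\Documents\Info.hta",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Desktop\brrr.txt",  # benign name that merely contains 'brrr'
]

if __name__ == "__main__":
    result = scan_listing(SAMPLE_LISTING)
    print(f"{len(result['encrypted'])} marked files, {len(result['notes'])} ransom note(s)")
    for email, n in result["emails"].items():
        print(f"contact address seen in file names: {email} ({n} files)")
```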

Dealing with a '' Ransomware Infection

Paying the '' Ransomware ransom or contacting the criminals responsible for the '' Ransomware attack is not advisable. These payments allow criminals to continue creating these threats and claiming more victims. Instead of paying these ransoms, computer users need to take precautions against these threats to ensure that their data can be recovered after an attack. The best preventive measure computer users can take to keep their data safe is to have file backups. This allows the recovery of the affected files from the backups, bypassing any need to negotiate with criminals for the return of the affected data. Apart from file backups, computer users are advised to have a security program that can intercept these threats before they can cause any harm.
