PEC 2017 Ransomware

By GoldSparrow in Ransomware

The PEC 2017 Ransomware is a ransomware Trojan that seems to be targeted at computer users in Italy (judging from its ransom note, which is written in Italian). The PEC 2017 Ransomware is being delivered using spam email messages that may use social engineering techniques to trick computer users into opening a corrupted file attachment. The PEC 2017 Ransomware was first observed in early May 2017 and seems to be an isolated threat rather than belonging to a larger family of threats.

How the PEC 2017 Ransomware Attack is Carried Out

The PEC 2017 Ransomware may be delivered in corrupted text documents that display the following pop-up message when opened:

'This document contains links that may refer to other files. Do you want to update this document with the data from the linked files?'

If computer users agree, the document will initiate a connection to a remote server from where the PEC 2017 Ransomware will be downloaded and executed. The PEC 2017 Ransomware uses an executable file named 'languageplugin.exe,' clearly designed to appear to be a Microsoft Office plugin. Although the PEC 2017 Ransomware attack seems fairly basic and does not seem to include the obfuscation and self-defense mechanisms that have been observed in more advanced ransomware variants, the encryption method used by this ransomware Trojan is effective in removing the victim's access to data on the infected computer.

Like the majority of ransomware Trojans active today, the PEC 2017 Ransomware uses a combination of AES and RSA encryption to make the victim's files inaccessible. The PEC 2017 Ransomware targets files on all local drives, on portable memory devices connected to the infected computer, and in directories shared on a network. The PEC 2017 Ransomware will search for various file types, which include the following:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The PEC 2017 Ransomware will add the file extension '.pec' to each file encrypted in its attack. Once the PEC 2017 Ransomware encrypts the files, they become unrecoverable.

How the PEC 2017 Ransomware may be Used to Generate Revenue

The PEC 2017 Ransomware delivers a ransom note, which threatens the victim and demands the payment of a ransom. The PEC 2017 Ransomware's ransom note is delivered to the following location:

"C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\AIUTO_COME_DECIFRARE_FILE.html"

This file contains a ransom note in Italian. Below is the text of the PEC 2017 Ransomware's ransom note translated to English:

'PEC 2017
Learn how to decrypt files
Your files have been encrypted by the PEC 2017 system with AES 256 encryption.
PEC is not decipherable by any software and no antivirus.
How to recover encrypted data
The only way to recover corrupted data is to purchase PEC CLEANER Recovery Software.
Once you have obtained the software, you will be able to recover and restore the corrupted files.
With the same software you can decrypt all damaged files even those on external or network disks.
Warnings
Do not use any antivirus software or decrypt as not only ineffective, but may compromise data retention forever.
With PEC Cleaner, you can retrieve all your perfectly working and unexpected data.
How to Buy PEC CLEANER
Contact the decrypt software manufacturer to purchase the license and download the program:
pec.clean@protonmail.com
Your unlock key is
[RANDOM CHARACTERS]
The software will be available for download within 24 hours of your payment and will allow you to restore your data immediately.'

File System Details

PEC 2017 Ransomware may create the following file(s):
#   File Name   MD5                                Detections
1.  file.exe    cef3a1418ec9b049f578073b901b9881   0
2.  file.exe    4b28758126cbbe85f6a32643e00fa047   0
3.  file.rtf    51871b441fbbfbda64a1a31e555c97c2   0
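
The indicators described on this page (the '.pec' extension, the ransom note file name, the 'languageplugin.exe' name and the three MD5 values above) can be checked with a read-only directory sweep. The following is an added example, not part of the original article; the function names, the 50 MB hashing limit and the constructed sample folder are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Indicators stated on this page; file names are compared case-insensitively.
ENCRYPTED_EXT = ".pec"
NAME_INDICATORS = {"aiuto_come_decifrare_file.html": "ransom_note",
                   "languageplugin.exe": "dropper_name"}
KNOWN_MD5 = {"cef3a1418ec9b049f578073b901b9881",
             "4b28758126cbbe85f6a32643e00fa047",
             "51871b441fbbfbda64a1a31e555c97c2"}

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()  # MD5 only because the page publishes MD5 values
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(root, known_md5=KNOWN_MD5, hash_limit=50 * 1024 * 1024):
    """Walk root (read-only) and group matching paths by indicator type."""
    found = {k: [] for k in ("encrypted", "ransom_note", "dropper_name", "hash_match")}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                found["encrypted"].append(path)
                continue  # encrypted output; its hash matches nothing useful
            if lower in NAME_INDICATORS:
                found[NAME_INDICATORS[lower]].append(path)
            try:
                if os.path.getsize(path) <= hash_limit and md5_of(path) in known_md5:
                    found["hash_match"].append(path)
            except OSError:
                pass  # locked or unreadable file: skip it, keep scanning
    return found

def build_sample_tree(root):
    """Constructed sample data mimicking an affected folder (no real malware)."""
    for rel in ("docs/report.docx.pec", "docs/AIUTO_COME_DECIFRARE_FILE.html",
                "tmp/LanguagePlugin.exe", "docs/notes.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample: " + rel.encode())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print({kind: len(paths) for kind, paths in triage(tmp).items()})
```

A name match alone only marks a file for review, since a file name is trivially reused; a hash match or a cluster of '.pec' files next to the ransom note is the stronger signal.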