PGPSnippet Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 6
First Seen: June 9, 2018
Last Seen: August 26, 2018
OS(es) Affected: Windows
The PGPSnippet Ransomware is an encryption ransomware Trojan that was first observed by PC security researchers on May 22, 2018. The PGPSnippet Ransomware is based on Pretty Good Privacy (PGP), a program used for securing email messages. The PGPSnippet Ransomware and the resources associated with it use the OpenPGP standard to make the victim's files inaccessible. Unfortunately, the same tools that can be used to keep code and online communications safe can be used by criminals to carry out attacks like the PGPSnippet Ransomware. The PGPSnippet Ransomware is currently being delivered to victims through spam email campaigns, which frequently include corrupted file attachments with embedded macro scripts that download and install the PGPSnippet Ransomware onto the victim's computer.
The PGPSnippet Ransomware will Prevent You from Accessing Your Most Necessary Files
Although the PGPSnippet Ransomware uses a different approach in its attack, there is virtually no difference between the tactic used by the PGPSnippet Ransomware and more popular variants such as HiddenTear and the Globe Ransomware variants. The PGPSnippet Ransomware will make the victim's files inaccessible, delete Windows recovery alternatives such as the Shadow Volume Copies and the Windows Restore points, and target user-generated files to ensure that valuable, irreplaceable data is hit in the attack. The PGPSnippet Ransomware and similar threats favor the following file types in their attacks:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.
Once the PGPSnippet Ransomware encrypts a file, it will no longer be accessible. Each affected file will be easy to recognize because it will have the file extension '.decodeme666@tutanota_com' added to its name. The PGPSnippet Ransomware delivers its ransom note in the form of a text file named '!!!README_DECRYPT!!!.txt' that is dropped on the victim's computer. The PGPSnippet Ransomware demands a ransom of 500 USD to be paid using Bitcoin. The PGPSnippet Ransomware displays a ransom note containing the following text:
'ATTENTION !
All your documents and other files ENCRYPTED !!!
TO RESTORE YOUR FILES YOU MUST TO PAY: 500$ by Bitcoin to this address:
You can open an wallet here:
[links to cryptocurrency platforms]
Send the file on the way "WIN + R >> %APPDATA%" file name hosts.txt to our e-mail after paymentat this email address: decodeme666@tutanota.com
We will confirm payment and send to you decrypt key + instruction
Remember: you have a 72 hours and if you not paid, that price will up
ATTENTION : all your attempts to decrypt your PC without our software and key can lead to irreversible destruction
of your files !'
Computer users are strongly counseled to refrain from contacting the criminals responsible for the PGPSnippet Ransomware attack or following the instructions in the PGPSnippet Ransomware ransom note.
Protecting Your Data from the PGPSnippet Ransomware
The best protection against threats like the PGPSnippet Ransomware is to have file backups stored on external devices. The use of file backups can help computer users recover their files in the event of an attack. Apart from file backups, computer users should have a working and updated security program and handle suspicious email messages and file attachments with extreme caution to prevent these attacks.
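The file extension and ransom note name given above can be used to scope an incident before restoring from backup. The following triage script is an added example, not code from EnigmaSoft or from the threat itself: it walks a directory tree, lists files carrying the appended extension together with their original names, locates ransom notes, and reports the earliest modification time among the renamed files. The function names, the sample tree and its timestamp are constructed for illustration, and the timestamp is only a useful guide if the file times were not altered.

```python
import os
import tempfile
from datetime import datetime, timezone

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".decodeme666@tutanota_com"
RANSOM_NOTE_NAME = "!!!README_DECRYPT!!!.txt"


def scan_tree(root):
    """Walk root; return renamed files, ransom notes and the earliest mtime."""
    report = {"encrypted": [], "notes": [], "earliest_mtime": None}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered == RANSOM_NOTE_NAME.lower():
                report["notes"].append(path)
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # The extension is appended, so stripping it gives the original name.
                report["encrypted"].append((path, name[: -len(ENCRYPTED_SUFFIX)]))
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable entry: keep the path, skip the timestamp
                if report["earliest_mtime"] is None or mtime < report["earliest_mtime"]:
                    report["earliest_mtime"] = mtime
    return report


def build_sample_tree(root, stamp=1_528_000_000):
    """Constructed sample data: two renamed files, one note, one clean file."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    names = ["report.docx" + ENCRYPTED_SUFFIX, "photo.jpg" + ENCRYPTED_SUFFIX,
             RANSOM_NOTE_NAME, "untouched.txt"]
    for name in names:
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(b"constructed sample")
    # Backdate one renamed file so the earliest-mtime logic has something to find.
    os.utime(os.path.join(docs, names[0]), (stamp, stamp))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        first = datetime.fromtimestamp(result["earliest_mtime"], tz=timezone.utc)
        print(len(result["encrypted"]), "renamed files,", len(result["notes"]), "note(s)")
        print("earliest renamed file modified:", first.isoformat())
```

On a real host, point scan_tree at a user profile or a mounted disk image, and choose a backup that predates the reported timestamp.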