
PGPSnippet Ransomware

By GoldSparrow in Adware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 6
First Seen: June 9, 2018
Last Seen: August 26, 2018
OS(es) Affected: Windows

The PGPSnippet Ransomware is an encryption ransomware Trojan that was first observed by PC security researchers on May 22, 2018. The PGPSnippet Ransomware is based on Pretty Good Privacy (PGP), a program used for securing email messages. The PGPSnippet Ransomware and the resources associated with it use the OpenPGP standard to make the victim's files inaccessible. Unfortunately, the same tools that can be used to keep code and online communications safe can be used by criminals to carry out attacks like the PGPSnippet Ransomware. The PGPSnippet Ransomware is currently being delivered to victims through spam email campaigns, which frequently include corrupted file attachments with embedded macro scripts that download and install the PGPSnippet Ransomware onto the victim's computer.

The PGPSnippet Ransomware will Prevent You from Accessing Your Most Necessary Files

Despite the fact that the PGPSnippet Ransomware uses a different approach in its attack, there is virtually no difference between the tactic used by the PGPSnippet Ransomware and more popular variants such as HiddenTear and the Globe Ransomware variants. The PGPSnippet Ransomware will make the victim's files inaccessible, delete Windows recovery alternatives such as the Shadow Volume Copies and the Windows Restore points, and target user-generated files to ensure that valuable, irreplaceable data is affected by the attack. The PGPSnippet Ransomware and similar threats favor the following file types in their attacks:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Once the PGPSnippet Ransomware encrypts a file, it will no longer be accessible. Each affected file is easy to recognize because it will have the file extension '.decodeme666@tutanota_com' added to its name. The PGPSnippet Ransomware delivers its ransom note in the form of a text file named '!!!README_DECRYPT!!!.txt' that is dropped on the victim's computer. The PGPSnippet Ransomware demands a ransom of 500 USD to be paid using Bitcoin. The PGPSnippet Ransomware displays a ransom note containing the following text:

'All your documents and other files ENCRYPTED !!!
TO RESTORE YOUR FILES YOU MUST TO PAY: 500$ by Bitcoin to this address:
You can open an wallet here:
[links to cryptocurrrency platforms]
Send the file on the way "WIN + R >> %APPDATA%" file name hosts.txt to our e-mail after paymentat this email address:
We will confirm payment and send to you decrypt key + instruction
Remember: you have a 72 hours and if you not paid, that price will up
ATTENTION : all your attempts to decrypt your PC without our software and key can lead to irreversible destruction
of your files !'

Computer users are strongly counseled to refrain from contacting the criminals responsible for the PGPSnippet Ransomware attack or following the instructions in the PGPSnippet Ransomware ransom note.
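
To measure how far an infection has spread, a responder can search for the two on-disk indicators described above: the appended file extension and the ransom note file name. The following Python triage script is an added example, not part of the original write-up or any vendor tool. It assumes the extension is appended to the full original file name, and its function names and sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# On-disk indicators stated in the description above.
ENCRYPTED_SUFFIX = ".decodeme666@tutanota_com"
RANSOM_NOTE_NAME = "!!!README_DECRYPT!!!.txt"


def triage(root):
    """Walk root and collect files matching either indicator.

    Returns encrypted files with their presumed original names (assumption:
    the suffix is appended to the full name), ransom notes, and the
    directories that contain at least one indicator.
    """
    encrypted, notes, dirs = [], [], set()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lowered = name.lower()  # Windows file names are case-insensitive
            full = Path(dirpath) / name
            if lowered == RANSOM_NOTE_NAME.lower():
                notes.append(full)
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted.append((full, name[: -len(ENCRYPTED_SUFFIX)]))
            else:
                continue
            dirs.add(Path(dirpath))
    return {"encrypted": encrypted, "notes": notes, "affected_dirs": sorted(dirs)}


def build_sample_tree(base):
    """Constructed sample tree of empty placeholder files, so the scan runs offline."""
    layout = [
        "Documents/report.docx" + ENCRYPTED_SUFFIX,
        "Documents/" + RANSOM_NOTE_NAME,
        "Pictures/holiday.jpg" + ENCRYPTED_SUFFIX,
        "Pictures/untouched.png",
        "Music/song.mp3",
    ]
    for rel in layout:
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for path, original in result["encrypted"]:
            print(f"encrypted: {path} (was {original})")
        for note in result["notes"]:
            print(f"ransom note: {note}")
```

The list of affected directories gives the scope for restoring from backup; the script only reads file names and does not modify or open any file.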

Protecting Your Data from the PGPSnippet Ransomware

The best protection against threats like the PGPSnippet Ransomware is to have file backups stored on external devices. The use of file backups can help computer users recover their files in the event of an attack. Apart from file backups, computer users should have a working and updated security program and handle suspicious email messages and file attachments with extreme caution to prevent these attacks.

