
PoisonFang Ransomware

By GoldSparrow in Ransomware

PC security researchers observed the PoisonFang Ransomware, an encryption ransomware Trojan, in July 2018. The PoisonFang Ransomware claims to be associated with a ransomware project at the 'Technion-Israel Institute of Technology,' supposedly released for educational purposes. Regardless of whether this claim is legitimate, it is important to note that ransomware Trojans initially released for 'educational purposes' have often been adapted by criminals to carry out severe attacks on the public. In fact, HiddenTear, the base for a large number of the ransomware variants currently active, was also released initially for educational or proof-of-concept purposes.

How the PoisonFang Ransomware can Enter a Computer

The PoisonFang Ransomware uses AES and RSA encryption to make the victim's files inaccessible (the usual hybrid arrangement: a symmetric key encrypts the file contents and an asymmetric key protects that symmetric key, so the files cannot be recovered without the attacker's private key). The PoisonFang Ransomware also includes a miner component that can be used to mine digital currency using the affected computer's resources. The PoisonFang Ransomware encrypts the user-generated files, which may include media files, numerous document types and others. The files that are targeted by threats like the PoisonFang Ransomware include:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.
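Once a file in that list has been rewritten with ciphertext, its contents lose the structure that the original format had. An added example, not part of the original article and not code from PoisonFang or its authors, shows one way a responder could sweep a directory for files with a targeted extension that no longer look like what their extension claims. It uses two checks: for formats that are compressed containers by design (.docx, .xlsx, .zip, .pdf, .jpg, .png), it looks for the format's known file signature; for text-like formats it measures Shannon entropy, since encrypted data approaches 8 bits per byte. The extension subset, the 7.2 bits/byte threshold and the sample files are constructed assumptions for the demo.

```python
from __future__ import annotations

import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Subset of the extensions the article lists as targeted by PoisonFang (assumption: the
# full list would be loaded from a configuration file in a real deployment).
TARGETED_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt",
    ".sql", ".mdb", ".bak", ".zip", ".pst", ".csv", ".psd", ".dwg",
}

# Well-known file signatures for container formats that are high-entropy even when intact.
# A full rewrite with ciphertext destroys these first bytes.
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04",
    ".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n",
}

# Bits per byte. English text sits around 4-5; encrypted or random data approaches 8.0.
# The value is an assumption for this demo, not a published detection threshold.
ENTROPY_THRESHOLD = 7.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path, sample_size: int = 65536) -> bool:
    """True if the file's leading bytes are inconsistent with its extension."""
    with path.open("rb") as fh:
        sample = fh.read(sample_size)
    magic = MAGIC.get(path.suffix.lower())
    if magic is not None:
        # Compressed containers are high-entropy by design, so entropy alone would
        # produce false positives; a missing signature is the reliable tell here.
        return not sample.startswith(magic)
    return shannon_entropy(sample) >= ENTROPY_THRESHOLD


def scan_directory(root: Path) -> list[Path]:
    """Return files under `root` with a targeted extension whose content looks encrypted."""
    return sorted(
        p for p in root.rglob("*")
        if p.is_file()
        and p.suffix.lower() in TARGETED_EXTENSIONS
        and looks_encrypted(p)
    )


def build_demo_tree(root: Path) -> None:
    """Constructed sample files: os.urandom stands in for ciphertext."""
    (root / "report.txt").write_bytes(b"Quarterly report: revenue up 4%. " * 200)  # intact text
    (root / "budget.csv").write_bytes(os.urandom(4096))                           # overwritten text file
    (root / "scan.png").write_bytes(os.urandom(4096))                             # PNG signature destroyed
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff" + os.urandom(4096))          # intact JPEG header
    (root / "notes.log").write_bytes(os.urandom(4096))                            # high entropy, not targeted


def demo() -> list[str]:
    """Build the sample tree in a temporary directory and return the flagged file names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo_tree(root)
        return [p.name for p in scan_directory(root)]


if __name__ == "__main__":
    print(demo())  # flags budget.csv and scan.png; report.txt, photo.jpg and notes.log pass
```

The signature check matters more than it looks: a naive entropy-only sweep flags every intact .docx, .zip and .jpg on the machine, burying the real hits. It still has limits a responder should keep in mind: ransomware that encrypts only part of each file, or that rewrites the file under a new extension, will not be caught by this sweep alone.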

The criminals associated with the PoisonFang Ransomware are linked to three email accounts: 'omer.cohen@cs.technion.ac.il,' 'talporat@campus.technion.ac.il' and 'sassafro@technion.ac.il.' Unfortunately, once the PoisonFang Ransomware encrypts the files, they cannot be recovered without the decryption key, which only the criminals hold. Threats like the PoisonFang Ransomware are designed to make the victim's files inaccessible and then demand payment from the victim. The PoisonFang Ransomware's ransom note (which in a typical attack would demand a ransom payment from the victim) delivers the following message:

'THIS SOFTWARE the IS the FOR ACADEMIC RESEARCH Purposes to ONLY ONLY!
PoisonFang was developed as part of a ransomware project at the Technion Israel Institute of Technology'

Dealing with Threats Like the PoisonFang Ransomware

It is highly probable that criminals will take the PoisonFang Ransomware and adapt it to carry out attacks on the public. Because of this, if your computer becomes infected with threats like the PoisonFang Ransomware, you should ignore any requests to pay a ransom or contact the criminals responsible for the attack. Instead, remove the threat using a strong security program that can deal with this kind of threat. Once the PoisonFang Ransomware has been removed, restore any affected files by replacing them with backup copies. This is why file backups are such an important part of limiting the damage from attacks like the PoisonFang Ransomware. It is strongly advised to keep backup copies of your files on storage the infected machine cannot overwrite (offline or versioned), and to keep a security program running at all times.
