
'Ramachandra7@india.com' Ransomware

By GoldSparrow in Ransomware

The 'Ramachandra7@india.com' Ransomware is a variant of Troldesh (also known as Shade), a well-known encryption ransomware threat that has been responsible for numerous attacks around the world. Like numerous other encryption ransomware Trojans that are active today, the 'Ramachandra7@india.com' Ransomware is designed to encrypt the victims' files. It uses an RSA-2048 key and AES-256 encryption to make the victim's files inaccessible, essentially taking them hostage. The 'Ramachandra7@india.com' Ransomware changes the infected files' extensions to '.Ramachandra7@india.com.xtbl'. The 'xtbl' string used to mark the infected files is one of the ways in which Troldesh variants can be identified easily. The newest variants of this threat family have been using @india.com domain email addresses. The 'Ramachandra7@india.com' Ransomware displays ransom notes with a short text over a colorful background, also a characteristic of recent Troldesh variants.
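An added example, not part of the original article: a triage helper that scans a file listing for the rename marker described above and reports which files were hit, what they originally were, and which contact address was used. It assumes the marker is appended to the original file name as '.<contact>@india.com.xtbl'; the function name, regular expression and sample paths are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed naming, built from the article's description:
#   <original file name>.<contact>@india.com.xtbl
RENAMED = re.compile(
    r"^(?P<original>.+)\.(?P<contact>[A-Za-z0-9._-]+@india\.com)\.xtbl$",
    re.IGNORECASE,
)

def triage(paths):
    """Pick renamed files out of a listing and summarize what was affected."""
    hits, contacts, by_dir = [], Counter(), Counter()
    for raw in paths:
        p = PureWindowsPath(raw)          # parses Windows paths on any OS
        m = RENAMED.match(p.name)
        if not m:
            continue                      # a bare '.xtbl' file is not enough
        original = m.group("original")
        contact = m.group("contact").lower()
        hits.append({
            "path": raw,
            "original_name": original,
            "original_ext": PureWindowsPath(original).suffix.lower(),
            "contact": contact,
        })
        contacts[contact] += 1
        by_dir[str(p.parent)] += 1
    return {"hits": hits, "contacts": contacts, "by_dir": by_dir}

# Constructed sample listing (not taken from a real incident)
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.Ramachandra7@india.com.xtbl",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Pictures\trip.JPG.ramachandra7@india.com.XTBL",
    r"D:\backup\db.sql.Ramachandra7@india.com.xtbl",
    r"D:\backup\table.xtbl",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for h in report["hits"]:
        print(h["contact"], h["original_ext"], h["path"])
    print(dict(report["by_dir"]))
```

The per-directory counts show how far the encryption pass reached, and the recovered original names can be matched against backups.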

How the 'Ramachandra7@india.com' Ransomware may Enter a Computer

Although there are many ways in which the 'Ramachandra7@india.com' Ransomware may enter a computer, the usual delivery method for the 'Ramachandra7@india.com' Ransomware and other Troldesh variants is through corrupted email attachments. These attachments may be included in spam email messages whose text is designed to trick inexperienced computer users into opening the attached files. Common variants of this hoax may include fake receipts, tracking documents from shipping companies or plane tickets. Because of this, opening unsolicited email attachments should be avoided. PC security analysts also advise computer users to avoid opening suspicious email attachments sent by email contacts, who may have had their email accounts compromised. When uncertain, it is a good idea to confirm the message with the source of the email via a different method (such as a phone call).

How the Attack of the 'Ramachandra7@india.com' Ransomware Works

The 'Ramachandra7@india.com' Ransomware attack is fairly typical of Troldesh variants. Essentially, the 'Ramachandra7@india.com' Ransomware enters a computer via covert means and encrypts the victim's files. The 'Ramachandra7@india.com' Ransomware will search the victim's hard drives for files matching a certain list of file extensions. The 'Ramachandra7@india.com' Ransomware then uses its strong encryption algorithm to encrypt the files, making them inaccessible. The 'Ramachandra7@india.com' Ransomware drops ransom notes on the victim's computer, which instruct the victim to email the included address to receive instructions on how to pay a ransom in exchange for the decryption key. The 'Ramachandra7@india.com' Ransomware targets the following file types during its encryption:

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt.

Here is a sample of a ransom note typically used by the 'Ramachandra7@india.com' Ransomware and other Troldesh variants:

Your computer has been encrypted by cryptographically strong algorithm.
All your files are now encrypted. You have only one way to get them back safely – using original decryption tool. Using another tools could corrupt your files, use it on your own risk. To get original decryptor contact us with email. Ramachandra7@india.com It is in your interest to respond as soon as possible to ensure the restoration of your files, because we won't keep your decryption keys at our servers more than one week in interest of our security.
PS. only in case you do not receive a response from the first email address within 48 hours, please use this alternative email address Johnycryptor@india.com.
