Threat Database Ransomware Ransom102 Ransomware

Ransom102 Ransomware

By GoldSparrow in Ransomware

The Ransom102 Ransomware is a file cryptor program that infiltrates computers via corrupted documents primarily. PC users who open spam emails and their attached files are the primary targets for the Ransom102 Ransomware campaign. The threat actors behind the Ransom102 Ransomware may use logos associated with the Microsoft Corp. and to lure the users into loading a weaponized Microsoft Word file. The Ransom102 Ransomware is known to create a process called 'win_defender_patch.exe' to facilitate its attack and minimize potential detection by AVs. The Ransom102 Ransomware is observed to rename the encrypted files by adding the '.ransomwared' suffix. For example, 'Varadero BEach—Cuba.png' is renamed to 'Varadero BEach—Cuba.png.ransomwared.' The Ransom102 Ransomware is said to delete the Shadow Volume snapshots, and the System Restore points, which is a technique employed by many ransomware variants aiming to limit the user's ability to restore files. Once the encryption process is completed, the Ransom102 Ransomware proceeds to show a program window titled 'Recovery' that features the Windows 10 logo. The window produced by the Ransom102 Ransomware is not to be associated with legitimate services by Microsoft Corp. The message reads:

'You are ransomwared! To recover your files, email us and buy recovery code 🙂
[TEXT BOX] [Recovery|BUTTON]
Encrypted: C:\Users\\Documents
Encrypted: C:\Users\\Pictures
Encrypted: C:\Users\\Videos
Encrypted: C:\Users\\Music'

The Ransom102 Ransomware is designed to force users into buying a "recovery code" by negotiating with the threat authors via the '' email account. We recommend that the users keep a backup manager on their systems and export data backups to a removable memory drive. You should have backups and avoid interaction with the ransomware actors so that you can keep your money and rebuild your system if you experience a drive crash and OS corruption. PC users may want to invest in a removable HDD, SSD and explore file-hosting services to counter the effects of threats like the Ransom102 Ransomware efficiently. Detection names for the Ransom102 Ransomware can be found below:



Most Viewed