The Ransomed@india.com Ransomware is a file-encoder Trojan that was reported on May 16th, 2018. Computer security researchers warn that threat actors are using the logos of trusted Internet service providers, online shops and social networks to lure PC users into opening a macro-enabled document that installs the Ransomed@india.com Ransomware on their machines.
The threat is very similar to older Trojans like the Cry9 Ransomware and the Cry36 Ransomware because it is based on the same source, the Crypton Ransomware. The Ransomed@india.com Ransomware features small modifications compared to earlier releases; the most obvious one is the use of a new email account to contact victims. Changes under the hood include a new set of ‘Command and Control’ servers, as well as modified encryption algorithms. The Ransomed@india.com Ransomware deletes the Shadow Volume snapshots and the System Restore points, which means that you will need backup images and system recovery disks to recover if you encounter this threat. We have seen the Ransomed@india.com Ransomware encipher data in the following formats:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mobi, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .zip, .js, .php, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb.
Affected users are therefore likely to lose access to content that is opened with software like MySQL, MongoDB, Microsoft Office, VLC Media Player, 7Zip, FastStone Image Viewer and other desktop applications. The Trojan drops the ransom note as ‘HOWTODECRYPTFILES.html’, saved to the desktop, which contains the following text:
‘All files are encrypted!
To decrypt files, you need to purchase special software
Restore the data, follow the instructions!
You can learn more / request e-mail:
You can learn more/questions in the chat:
h[tt]ps://cryptxf3zamy56fz.tor2we[.]link (not need Tor)
h[tt]ps://cryptxf3zamy56fz.onion[.]plus (not need Tor)
h[tt]ps://cryptxf3zamy56fz[.]onion (need Tor)
You can learn more problem out Bitmessage:’
It is possible to counter threats like the Ransomed@india.com Ransomware with the help of a trusted anti-malware shield and a good backup manager. We advise against contacting the threat authors via ‘firstname.lastname@example.org’, as you may be invited to pay hundreds of dollars' worth of Bitcoin and lose your money. PC users who want to protect their data against power outages, system crashes and crypto-threats may be interested in what Google Inc., Dropbox Inc. and Microsoft Corp. have to offer.