'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware
Threat Scorecard
Ranking: 682
Threat Level: 10 % (Normal)
Infected Computers: 87,881
First Seen: March 15, 2016
Last Seen: February 20, 2024
OS(es) Affected: Windows
The 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware is a threat that was very active in February and March of 2016. It is one of the many known variants of the infamous TeslaCrypt ransomware Trojan. This threat has been used to attack computers since 2014. Although PC security researchers had been able to help computer users recover from TeslaCrypt infections, it seems that the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware and new TeslaCrypt variants are no longer susceptible to the same fix as before. This is because the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware and other new variants are version 3.0 of this threat, which has eliminated the loophole that previously allowed the recovery of encrypted files. If your files have been encrypted by the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware, you will need to restore them from an external backup or obtain the decryption key.
What a Threat Like the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware may Cause to a Computer User
Ransomware Trojans like the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware are fairly predictable: they are designed to take control of a computer and encrypt the victim's files, holding them for ransom until the affected computer user pays a large amount using Bitcoin or a similar payment method. PC security analysts have determined that the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware, like other new variants of TeslaCrypt 3.0, may be spread using corrupted email attachments. As soon as the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware enters a computer, it searches the computer for files that match the file extensions in its configuration file. The 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware encrypts the following types of files (with new extensions being added to this list in new updates to this threat):
.7z; .rar; .m4a; .wma; .avi; .wmv; .csv; .d3dbsp; .sc2save; .sie; .sum; .ibank; .t13; .t12; .qdf; .gdb; .tax; .pkpass; .bc6; .bc7; .bkp; .qic; .bkf; .sidn; .sidd; .mddata; .itl; .itdb; .icxs; .hvpl; .hplg; .hkdb; .mdbackup; .syncdb; .gho; .cas; .svg; .map; .wmo; .itm; .sb; .fos; .mcgame; .vdf; .ztmp; .sis; .sid; .ncf; .menu; .layout; .dmp; .blob; .esm; .001; .vtf; .dazip; .fpk; .mlx; .kf; .iwd; .vpk; .tor; .psk; .rim; .w3x; .fsh; .ntl; .arch00; .lvl; .snx; .cfr; .ff; .vpp_pc; .lrf; .m2; .mcmeta; .vfs0; .mpqge; .kdb; .db0; .DayZProfile; .rofl; .hkx; .bar; .upk; .das; .iwi; .litemod; .asset; .forge; .ltx; .bsa; .apk; .re4; .sav; .lbf; .slm; .bik; .epk; .rgss3a; .pak; .big; .unity3d; .wotreplay; .xxx; .desc; .py; .m3u; .flv; .js; .css; .rb; .png; .jpeg; .txt; .p7c; .p7b; .p12; .pfx; .pem; .crt; .cer; .der; .x3f; .srw; .pef; .ptx; .r3d; .rw2; .rwl; .raw; .raf; .orf; .nrw; .mrwref; .mef; .erf; .kdc; .dcr; .cr2; .crw; .bay; .sr2; .srf; .arw; .3fr; .dng; .jpeg; .jpg; .cdr; .indd; .ai; .eps; .pdf; .pdd; .psd; .dbfv; .mdf; .wb2; .rtf; .wpd; .dxg; .xf; .dwg; .pst; .accdb; .mdb; .pptm; .pptx; .ppt; .xlk; .xlsb; .xlsm; .xlsx; .xls; .wps; .docm; .docx; .doc; .odb; .odc; .odm; .odp; .ods; .odt.
The 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware will take all files with the above extensions and use an AES encryption algorithm to make them inaccessible. As part of its attack, the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware will change the files' extension to ReCoVeRy and a string of random letters. The 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware also drops ransom notes in the form of text, image, or HTML files in directories where it has encrypted the victim's files. These ransom notes tell the computer user to pay a large amount of money in Bitcoin to recover the encrypted files.
Recovering from the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware
PC security researchers strongly advise that computer users abstain from paying the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware ransom, since there is no guarantee that the people responsible for this attack will restore the encrypted files once the amount is paid. Paying this ransom further finances these attacks, allowing the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware to go on to infect additional computers. Instead, computer users should make sure that all files are properly backed up on an external device or location.
File System Details
# | File Name | MD5 | Detections |
---|---|---|---|
1. | svchost.exe | 4155fc2722b435e1510b44f8f0a413b5 | 5 |
2. | poclbm.exe | 472279a849d0e4423f4c7d70844315c4 | 4 |
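A triage sketch for the behaviour and indicators described on this page (an added example, not EnigmaSoft's code): it walks a directory tree, groups files whose names carry the renamed extension, and compares `.exe` files against the two MD5 values in the table above. The extension regex is an assumption drawn from the page's 'ReCoVeRy+[RANDOM LETTERS]' description; `triage`, `md5_of` and `demo` are hypothetical names, and the demo files are constructed.

```python
import hashlib
import os
import re
import tempfile

# MD5 values listed in this page's File System Details table.
KNOWN_MD5 = {
    "4155fc2722b435e1510b44f8f0a413b5": "svchost.exe",
    "472279a849d0e4423f4c7d70844315c4": "poclbm.exe",
}
# Assumption: renamed extension is "ReCoVeRy", an optional "+", then letters.
RENAMED = re.compile(r"\.ReCoVeRy\+?[A-Za-z]+$")


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(root):
    """Return (renamed files grouped by directory, [(path, md5)] hash hits)."""
    renamed, hits = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if RENAMED.search(name):
                renamed.setdefault(dirpath, []).append(name)
            elif name.lower().endswith(".exe"):
                try:
                    digest = md5_of(path)
                except OSError:
                    continue  # locked or unreadable file: skip it
                if digest in KNOWN_MD5:
                    hits.append((path, digest))
    return renamed, hits


def demo():
    """Run the triage over a constructed sample tree (not real samples)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        for name in ("report.docx.ReCoVeRy+qxkjd", "photo.jpg.ReCoVeRyabc", "notes.txt"):
            open(os.path.join(docs, name), "wb").close()
        renamed, hits = triage(root)
        return sorted(renamed[docs]), hits
```

A directory with many renamed files and no hash hit still indicates encryption activity; the hash check only covers the two samples listed on this page.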