'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 682
Threat Level: 10 % (Normal)
Infected Computers: 87,881
First Seen: March 15, 2016
Last Seen: February 20, 2024
OS(es) Affected: Windows

The 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware is a threat that was very active in February and March of 2016. It is one of the many known variants of the infamous TeslaCrypt ransomware Trojan. This threat has been used to attack computers since 2014. Although PC security researchers had been able to help computer users recover from TeslaCrypt infections, it seems that the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware and other new TeslaCrypt variants are no longer susceptible to the same fix. This is because they belong to version 3.0 of this threat, which eliminated the loophole that previously allowed encrypted files to be recovered. If your files have been encrypted by the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware, you will need to restore them from an external backup or obtain the decryption key.

What a Threat Like the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware May Cause to a Computer User

Ransomware Trojans like the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware are fairly predictable: they are designed to take control of a computer and encrypt the victim's files, holding them for ransom until the affected computer user pays a large amount using Bitcoin or a similar payment method. PC security analysts have determined that the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware, like other new variants of TeslaCrypt 3.0, may be spread using corrupted email attachments. As soon as the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware enters a computer, it searches the computer for files that match the file extensions in its configuration file. The 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware encrypts the following types of files (with new extensions being added to this list in new updates to this threat):

.7z; .rar; .m4a; .wma; .avi; .wmv; .csv; .d3dbsp; .sc2save; .sie; .sum; .ibank; .t13; .t12; .qdf; .gdb; .tax; .pkpass; .bc6; .bc7; .bkp; .qic; .bkf; .sidn; .sidd; .mddata; .itl; .itdb; .icxs; .hvpl; .hplg; .hkdb; .mdbackup; .syncdb; .gho; .cas; .svg; .map; .wmo; .itm; .sb; .fos; .mcgame; .vdf; .ztmp; .sis; .sid; .ncf; .menu; .layout; .dmp; .blob; .esm; .001; .vtf; .dazip; .fpk; .mlx; .kf; .iwd; .vpk; .tor; .psk; .rim; .w3x; .fsh; .ntl; .arch00; .lvl; .snx; .cfr; .ff; .vpp_pc; .lrf; .m2; .mcmeta; .vfs0; .mpqge; .kdb; .db0; .DayZProfile; .rofl; .hkx; .bar; .upk; .das; .iwi; .litemod; .asset; .forge; .ltx; .bsa; .apk; .re4; .sav; .lbf; .slm; .bik; .epk; .rgss3a; .pak; .big; .unity3d; .wotreplay; .xxx; .desc; .py; .m3u; .flv; .js; .css; .rb; .png; .jpeg; .txt; .p7c; .p7b; .p12; .pfx; .pem; .crt; .cer; .der; .x3f; .srw; .pef; .ptx; .r3d; .rw2; .rwl; .raw; .raf; .orf; .nrw; .mrwref; .mef; .erf; .kdc; .dcr; .cr2; .crw; .bay; .sr2; .srf; .arw; .3fr; .dng; .jpeg; .jpg; .cdr; .indd; .ai; .eps; .pdf; .pdd; .psd; .dbfv; .mdf; .wb2; .rtf; .wpd; .dxg; .xf; .dwg; .pst; .accdb; .mdb; .pptm; .pptx; .ppt; .xlk; .xlsb; .xlsm; .xlsx; .xls; .wps; .docm; .docx; .doc; .odb; .odc; .odm; .odp; .ods; .odt.

The 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware takes all files with the above extensions and uses an AES encryption algorithm to make them inaccessible. As part of its attack, the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware changes each file's extension to ReCoVeRy and a string of random letters. The 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware also drops ransom notes in the form of text, image, or HTML files in the directories where it has encrypted the victim's files. These ransom notes tell the computer user to pay a large amount of money in Bitcoin to recover the encrypted files.

Recovering from the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware

PC security researchers strongly advise that computer users abstain from paying the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware ransom, since there is no guarantee that the people responsible for this attack will restore the encrypted files once the amount is paid. Paying this ransom further finances these attacks, allowing the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware to go on to infect additional computers. Instead, computer users should make sure that all files are properly backed up to an external device or location.

File System Details

'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware may create the following file(s):
#   File Name     MD5                               Detections
1.  svchost.exe   4155fc2722b435e1510b44f8f0a413b5  5
2.  poclbm.exe    472279a849d0e4423f4c7d70844315c4  4
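
A triage sketch for the renaming behaviour and the file table described on this page, added here as an example and not taken from the original entry: it counts renamed files per directory and checks executables against the two MD5 values listed above. The exact name pattern (`ReCoVeRy+` followed by letters) and the function names `triage` and `md5_of` are assumptions made for this example.

```python
import hashlib
import os
import re
import tempfile
from collections import Counter

# Assumption: renamed files carry "ReCoVeRy+" followed by letters in their name.
MARKER = re.compile(r"ReCoVeRy\+[A-Za-z]+")
# MD5 values from the File System Details table on this page.
LISTED_MD5 = {
    "4155fc2722b435e1510b44f8f0a413b5": "svchost.exe",
    "472279a849d0e4423f4c7d70844315c4": "poclbm.exe",
}

def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks; used only to match listed indicators."""
    h = hashlib.md5(usedforsecurity=False)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(root, listed=LISTED_MD5):
    """Return (Counter of marked files per directory, [(path, listed name)])."""
    marked, hits = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if MARKER.search(name):
                marked[dirpath] += 1      # file renamed by the threat
            elif name.lower().endswith(".exe"):
                try:
                    digest = md5_of(path)
                except OSError:
                    continue              # locked or unreadable: skip
                if digest in listed:
                    hits.append((path, listed[digest]))
    return marked, hits

if __name__ == "__main__":
    # Constructed sample tree: two renamed documents and one untouched file.
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.docx.ReCoVeRy+kxqzt", "b.xls.ReCoVeRy+kxqzt", "c.txt"):
            open(os.path.join(root, name), "wb").close()
        marked, hits = triage(root)
        for folder, count in marked.items():
            print(f"{count} renamed file(s) in {folder}")
        print(f"{len(hits)} executable(s) match the listed MD5 values")
```

The per-directory counts show which folders need restoring from backup; a hash match points to a dropped executable that should be removed before files are restored.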
