
Repair_data@cryptmail.com Ransomware

By GoldSparrow in Ransomware

The Repair_data@cryptmail.com Ransomware is an encryption ransomware Trojan that was first observed on June 13, 2018. It carries out a typical version of this attack by encrypting the victim's files and demanding a ransom. Like many other threats of this type, the Repair_data@cryptmail.com Ransomware is most commonly distributed through spam email attachments containing embedded macro scripts that download and install the Repair_data@cryptmail.com Ransomware onto the victim's computer.

The Repair that should be Avoided at Any Cost

The Repair_data@cryptmail.com Ransomware is a variant in the Xorist Ransomware family, which was first observed in March 2018. Previous email addresses that have been associated with ransomware Trojans that are part of this ransomware family include the following:

blackstarmafia@qq[.]com
fast_decrypt_and_protect@tutanota[.]com
fn1573917917ja@163[.]com
nikosdd@yandex[.]ru

The purpose of the Repair_data@cryptmail.com Ransomware, like that of its predecessors, is to make the victim's files inaccessible by using a strong encryption algorithm to lock the data away. The Repair_data@cryptmail.com Ransomware targets user-generated files, which may include files with the following file extensions:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The victims of the Repair_data@cryptmail.com Ransomware are asked to pay 0.8 Bitcoin (about 5,500 USD) in exchange for the decryption key. The Repair_data@cryptmail.com Ransomware is notable because it marks the files encrypted by the attack with a very long file extension. Most ransomware Trojans add a short string (often an email address) to the affected files to identify files encrypted by the attack. The Repair_data@cryptmail.com Ransomware, however, adds the following, absurdly long string to all affected files' names:

'...PAY_IN_MAXIM_24_HOURS_OR_ALL_YOUR_FILES_WILL_BE_PERMANENTLY_DELETED_PLEASE_BE_REZONABLE_you_have_only_1_single_chance_YOU_NEED_TO_PURCHASE_THE_DECRYPTOR_FROM_US_FAST_AND_URGENT'

The Repair_data@cryptmail.com Ransomware's Ransom Note and Demands

The purpose of the Repair_data@cryptmail.com Ransomware attack is to generate revenue at the expense of the victim. It does this by delivering a ransom note to the infected computer. The ransom note is contained in a text file named 'HOW TO DECRYPT FILES.txt,' which contains the following message:

'YOUR SYSTEM IS LOCKED AND ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
DON'T WORRY YOUR FILES ARE SAFE. TO RETURN ALL TO NORMALLY YOU MUST BUY THE CERBER DECRYPTOR PROGRAM. PAYMENTS ARE ACCEPTED ONLY THROUGH THE BITCOIN NETWORK.
YOU CAN GET THEM VIA ATM MACHINE OR ONLINE
hxxps://coinatmradar[.]com (find a ATM)
hxxps://www.localbitcoins[.]com (buy instantly online any country)
THE PRICE FOR DECRYPTOR SOFTWARE IS 0.8 BTC BTC ADRESS : [34 random characters] (where you need to make the payment)
VERRY IMPORTANT ! DO NOT TRY TO SCAN WITH ANTIVIRUS YOU RISK LOSING YOUR DATA .
ANTIVIRUSES ONLY DESTROY THE ENCRYPTED DATA , THEY DO NOT KNOW THE ALGORITH WITH WICH THE ENTIRE SYSTEM WAS ENCRYPTED. THE ONLY WAY TO DECRYPT YOUR SYSTEM AND RETURN TO NORMAL IS TO BUY THE ORIGINAL DECRYPTOR SOFTWARE.
For more information : repair_dataMscryptmail.com (24/7)
Subject : SYSTEM-LOCKED-ID: [random number]'

Security analysts advise computer users to avoid paying the Repair_data@cryptmail.com Ransomware ransom or following the instructions in the Repair_data@cryptmail.com Ransomware's ransom note. Instead, computer users should use file backups to recover any files compromised by the attack. The use of file backups, coupled with a security program that is fully up-to-date, is the best measure against threats like the Repair_data@cryptmail.com Ransomware. Since the Repair_data@cryptmail.com Ransomware is mainly distributed using spam email messages, learning to recognize these tactics is also essential.
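The two on-disk indicators described above, the long string appended to file names and the 'HOW TO DECRYPT FILES.txt' note, can be used to size an incident and list what to pull from backup. The following Python script is an added example, not code from the original article; its function names are illustrative, and the leading '...' shown before the marker is deliberately not matched in case it is an elision.

```python
import os
import sys
from collections import defaultdict

# Indicators quoted in the article. The leading "..." the article shows before
# the marker is not matched, since it may be an elision rather than literal dots.
MARKER = ("PAY_IN_MAXIM_24_HOURS_OR_ALL_YOUR_FILES_WILL_BE_PERMANENTLY_DELETED"
          "_PLEASE_BE_REZONABLE_you_have_only_1_single_chance"
          "_YOU_NEED_TO_PURCHASE_THE_DECRYPTOR_FROM_US_FAST_AND_URGENT")
NOTE_NAME = "HOW TO DECRYPT FILES.txt"


def original_name(filename):
    """Return the pre-encryption file name, or None if the marker is absent."""
    if not filename.lower().endswith(MARKER.lower()):
        return None
    # Drop the marker and the dot(s) that join it to the original name.
    return filename[:-len(MARKER)].rstrip(".")


def scan(root):
    """Walk root; return (marked, notes): marked maps path -> original name."""
    marked, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                notes.append(path)
                continue
            orig = original_name(name)
            if orig is not None:
                marked[path] = orig
    return marked, notes


def restore_plan(marked):
    """Group original file names by directory: the list to pull from backup."""
    plan = defaultdict(list)
    for path, orig in marked.items():
        plan[os.path.dirname(path)].append(orig)
    return {d: sorted(names) for d, names in plan.items()}


if __name__ == "__main__":
    found, ransom_notes = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, names in sorted(restore_plan(found).items()):
        print(f"{directory}: restore {len(names)} file(s): {', '.join(names)}")
    print(f"ransom notes found: {len(ransom_notes)}")
```

Run it read-only against a mounted copy or image of the affected volume, passing the root directory as the only argument.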
