Threat Database Ransomware '' Ransomware

'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware is an encryption ransomware Trojan that was released in March 2019. The '' Ransomware belongs to the Xorist family of ransomware Trojans. Threats in this family are typically created using a ransomware building kit that allows the criminals to create custom versions of this threat as part of a Ransomware as a Service (RaaS) platform. The '' Ransomware attack is very effective since it takes the victim's files hostage by making them unreachable. The '' Ransomware's objective is to extort its victims by demanding a ransom payment in exchange for supposedly returning access to the encrypted data.

The '' Ransomware will not Restore Anything

The '' Ransomware doesn't have too many differences when compared with other threats of its kind since it uses a ransomware attack that has been seen numerous times before. The one unique aspect of the '' Ransomware is that it marks the files it takes hostage in its attack with a particularly long string:


This string is included in each encrypted file. The '' Ransomware attack uses the AES and RSA encryptions to make the victim's files inaccessible. The '' Ransomware targets the user-generated files, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '' Ransomware's Ransom Demands

The '' Ransomware delivers a ransom demand. The '' Ransomware's ransom note is contained in a text file that is named 'READ ME FOR DECRYPT.txt' and is dropped on the infected computer's desktop. The text of the '' Ransomware ransom note reads:

'All your important files were FROZEN on this computer.
Encryption was produced using unique KEY generated for this computer. To decrypted files, you need to obtain private key.
The single copy of the private key, with will allow you to decrypt t he files, is locate on a secret server on the internet;
The server will destroy the key within 36 hours after encryption com pleted.
To retrieve the private key, you need to pay 1 bitcoins Bitcoins have to be sent to this address: 36FsfnUVWSw2F6hTXmz5bYikqUOyisH3
After you've sent the payment send us a n email to : with subject : ERROR-ID-631992019 If you are not familiar with bitcoin you can buy it from here:
After we confirm the payment , we send the private key so you can decrypt your system.'

Computer users should refrain from paying the '' Ransomware's ransom or following the instructions in its ransom note. Instead, affected users should replace the files compromised by the '' Ransomware with backup copies after the '' Ransomware is removed with a reliable security application.


Most Viewed