'retmydata@protonmail.com' Ransomware

By GoldSparrow in Ransomware

The 'retmydata@protonmail.com' Ransomware is an encryption Trojan that was identified on January 3rd, 2019. The 'retmydata@protonmail.com' Ransomware Trojan is known to travel with spam emails that may carry the logos of trusted Internet-based services like PayPal, Amazon, eBay, Instagram, Twitter and Facebook. The threat behaves like most cyber-threats that came out in 2018: it uses publicly available encryption technologies to make the user-generated files unreadable. The 'retmydata@protonmail.com' Ransomware is a typical encryption Trojan that offers a decryption solution in exchange for a set amount of Bitcoin. The 'retmydata@protonmail.com' Ransomware is known to encipher emails, text documents, databases, images, audio, video, and PDFs found on the local disks of the infected hosts. The Trojan deletes the Shadow Volume snapshots and the recently created System Restore points, and removes its own files once its work is done. The threat is reported to attach a custom string to the filenames and to lack the traditional ransom note you may expect from the likes of the INDRIK Ransomware. The 'retmydata@protonmail.com' Ransomware is observed to add the following string of characters:

'.recovery_email_[retmydata@protonmail.com]_ID_[8 capital letters].aes256'

For example, 'Bahia-Brazill.jpeg' is renamed to:

'Bahia-Brazill.jpeg.recovery_email_[retmydata@protonmail.com]_ID_[OWIMJUDY].aes256'
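As an added illustration of the renaming scheme above (example code written for this page, not the article's or the malware authors' own), the following parser recognises filenames of that form, recovers the original name and the 8-letter victim ID, and groups hits by ID; the regular expression and the sample directory listing are assumptions built from the pattern quoted above.

```python
import re
from pathlib import PurePath

# Suffix the Trojan appends: the email is literal, the ID is reported as
# exactly 8 capital letters, and the final extension is '.aes256'.
SUFFIX_RE = re.compile(
    r"\.recovery_email_\[(?P<email>retmydata@protonmail\.com)\]"
    r"_ID_\[(?P<id>[A-Z]{8})\]\.aes256$"
)


def parse_encrypted_name(name: str):
    """Return (original_name, email, victim_id) if `name` matches the
    renaming scheme, otherwise None."""
    m = SUFFIX_RE.search(name)
    if not m:
        return None
    return name[: m.start()], m.group("email"), m.group("id")


def scan_names(names):
    """Group matching filenames by victim ID; names that do not match the
    scheme are ignored. Returns {victim_id: [original_name, ...]}."""
    hits = {}
    for n in names:
        parsed = parse_encrypted_name(PurePath(n).name)
        if parsed:
            original, _email, vid = parsed
            hits.setdefault(vid, []).append(original)
    return hits


# Constructed sample listing (not real victim data); only the first entry is
# the example filename from the article. The third entry has a lowercase ID,
# which the scheme does not use, so it must not be flagged.
SAMPLE_NAMES = [
    "Bahia-Brazill.jpeg.recovery_email_[retmydata@protonmail.com]_ID_[OWIMJUDY].aes256",
    "notes.txt.recovery_email_[retmydata@protonmail.com]_ID_[OWIMJUDY].aes256",
    "report.pdf.recovery_email_[retmydata@protonmail.com]_ID_[owimjudy].aes256",
    "holiday.jpeg",
]

if __name__ == "__main__":
    for vid, originals in scan_names(SAMPLE_NAMES).items():
        print(vid, originals)
```

Running the scan over a file share listing gives a quick inventory of which files were renamed and under which victim ID, which is useful when triaging an incident before restoring from backup.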

The threat actors control the 'retmydata@protonmail.com' email account and may offer a decryptor to users who are willing to pay hundreds of dollars for their data. Computer security experts warn that paying the threat authors may not convince them to help users restore their data, and you should not comply with their demands. The researcher Michael Gillespie, who worked on the 'retmydata@protonmail.com' Ransomware, has announced that the user's data can be decrypted without paying the cybercriminals. You can reach Michael Gillespie on Twitter at twitter.com/demonslay335. Removing residual files from the 'retmydata@protonmail.com' Ransomware attack manually is not advised. You may want to use a dedicated cybersecurity product with up-to-date definitions installed. AV companies employ the following detection names for the 'retmydata@protonmail.com' Ransomware:

Malware/Win32.Generic.C2907126
Malware@#60blrcpgl59v
Ransom_Crypren.R011C0WLR18
Trojan ( 005446b21 )
Trojan.Generic.D1DFEBAB
Trojan.GenericKD.31452075
Trojan.MulDrop8.63245
Trojan.Win32.Filecoder.flljed
Trojan.Win32.Z.Filecoder.22528.A
W32/Crypren.AEYY!tr.ransom
W32/Trojan.VAVH-1685