Threat Database Ransomware '' Ransomware

'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware is an encryption Trojan that was identified on January 3rd, 2019. The '' Ransomware Trojan is known to travel with spam emails that may carry logos of trusted Internet-based services like PayPal, Amazon, eBay, Instagram, Twitter and Facebook. The threat at hand behaves like most cyber-threats to come out in 2018, and it uses publicly available encryption technologies to make the user-generated files unreadable. The '' Ransomware is a typical encryption Trojan that offers a decryption solution in exchange for a set amount of Bitcoin. The '' Ransomware is known to encipher emails, text documents, databases, images, audio, video, and PDFs found on the local disks of the infected hosts. The Trojan removes the Shadow Volume snapshots and the System Restore points created recently, as well as remove its files once its work is done. The threat is reported to attach a custom string to the filenames and lack a traditional ransom note you may expect from the likes of the INDRIK Ransomware. The '' Ransomware is observed to add the following string of characters:

'.recovery_email_[]_ID_[8 capital letters].aes256'

For example, 'Bahia-Brazill.jpeg' is renamed to:


The threat actors control the '' email account and may offer a decryptor to the users who are willing to pay hundreds of dollars for their data. Computer security experts warn that paying money to the threat authors may not convince them to help the users restore their data and you should not adhere to their demands. The researcher Michael Gillespie who worked on the '' Ransomware has announced that the user’s data can be decrypted without paying the cybercriminals. You can reach out to Michael Gillespie via the twitter Removing residual files from the '' Ransomware attack manually is not advised. You may want to use a dedicated cybersecurity product with up-to-date definitions installed. AV companies employ the following detection names for the '' Ransomware:

Trojan ( 005446b21 )


Most Viewed