Reycarnasi1983@protonmail.com Ransomware
PC security analysts uncovered the Reycarnasi1983@protonmail.com Ransomware, an encryption ransomware Trojan, in the first couple of weeks of June 2018. The Reycarnasi1983@protonmail.com Ransomware is similar to most other encryption ransomware Trojans since it uses an encryption algorithm to encode the victim's files. Then, the Reycarnasi1983@protonmail.com Ransomware demands the payment of a ransom to supposedly send a decryption software to the victims. The Reycarnasi1983@protonmail.com Ransomware stands out for the strong obfuscation used in its code and communications with its Command and Control servers. Most victims of the Reycarnasi1983@protonmail.com Ransomware will become infected with this threat initially after opening a damaged Microsoft Word file contained in a spam email message.
The Reycarnasi1983@protonmail.com Ransomware Attack
The Reycarnasi1983@protonmail.com Ransomware uses AES 256 encryption to make the victim's files inaccessible by its attack. Once the victim's files have been encrypted, the Reycarnasi1983@protonmail.com Ransomware will deliver a ransom note asking the victim to contact the criminals using the email address associated with this threat. The files that threats like the Reycarnasi1983@protonmail.com Ransomware commonly target in these infections include:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The Reycarnasi1983@protonmail.com Ransomware will add the following string to files encrypted by the attack, making them easy to recognize:
'.reycarnasi1983@protonmail.com.[unique id]'
The Reycarnasi1983@protonmail.com Ransomware's ransom note is contained in a text file named 'ScrewYou.TXT' provocatively. This file will be opened by the victim's default text editor and contains the following message:
'Your files were encrypted with AES-256.
Ask how to restore your files by email reycarnasi1983@protonmail[.]com
Use only gmail[.]com, yahoo[.]com, protonmail[.]com.
Messages written from other mail services we can not get.
We always respond to messages. If there is no answer within 24 hours, then write us with another email service.
[OR]
If within 24 hours you have not received a response, you need to follow the following instructions:
a) Download and install TOR browser: hxxps://www.torproject[.]org/download/download-easy.html.en
b) From the TOR browser, follow the link: torbox3uiot6wchz.onion
c) Register your e-mail (Sign Up)
d) Write us on e-mail: reycarnasi1983@torbox3uiot6wchz[.]onion
ATTENTION: e-mail (reycarnasi1983@torbox3uiot6wchz[.]onion) accepts emails, only with e-mail registered in the TOR browser at torbox3uiot6wchz[.]onion
Any actions on your part over encrypted files can damage them. Be sure to make backups!
In the message write us this ID:
[base64 encoded string]
-----END KEY-----'
Dealing with a Reycarnasi1983@protonmail.com Ransomware Infection
PC security researchers ask computer users to not contact the criminals responsible for the Reycarnasi1983@protonmail.com Ransomware attack. Instead, they should take steps to ensure that their data is safe preemptively. The best protection against the Reycarnasi1983@protonmail.com Ransomware and similar threats is to have file backups. PC users that have backup copies of their files will get their data back simple and easy. Apart from file backups, a security program that is always fully up-to-date should be used to keep your PC safe from intrusion. Since threats like the Reycarnasi1983@protonmail.com Ransomware are delivered using spam email tactics, learning to recognize this content and dealing with spam email messages and attachments safely are all essential parts of keeping your computer immune to threats like the Reycarnasi1983@protonmail.com Ransomware and other threats.
[template:al
