Sanctions Ransomware
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 4
First Seen: April 4, 2017
Last Seen: November 24, 2022
OS(es) Affected: Windows
The Sanctions Ransomware is an encryption ransomware Trojan whose ransom message includes a political cartoon mocking the sanctions enforced by the United States against Russia. The cartoon depicts Russia as a large bear about to eat former American President Barack Obama as he says 'Beware my Sanctions.' The Sanctions Ransomware is not the first ransomware Trojan with political content; previous attacks have included ransomware with content related to Donald Trump and to Angela Merkel. The Sanctions Ransomware seems to be designed to attack English speakers and may be distributed through corrupted spam email attachments that use macros to install the Sanctions Ransomware on the victims' computers.
The Undeserved Sanction Applied by the Sanctions Ransomware
The Sanctions Ransomware uses AES-256 encryption to make the victims' files completely inaccessible. The Sanctions Ransomware will target files on all local drives, as well as on removable drives and network storage detected on the infected computer. It encrypts the victims' files and then adds the extension '.wallet' to each affected file's name as a way of identifying it. This extension has been observed in other ransomware attacks; adding it seems to be a fairly common tactic and does not denote a specific relationship between this and other ransomware Trojans. The Sanctions Ransomware will encrypt the following file types, among others:
.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.
The Sanctions Ransomware delivers its ransom note in the form of an HTML file named 'RESTORE_ALL_DATA.html' dropped on the victim's desktop. This HTML file contains the following ransom note message:
'YOUR UNIQ IDENTIFICATOR:
[RANDOM CHARACTERS]
What happened with my files?
All your files has been locked (encrypted) with Ransomware
For encrypting we using strong cryptographic algorithm AES256+RSA-2048. Do not attempt to recover the files yourself.
You might corrupt your files. We also rewrite all old blocks on HDD and you don't recover your files with Recuva and other...
YOU HAVE ONLY 5 DAYS FOR BUY YOUR DECRYPTION TOOL
It is not advised to use third party tools to decrypt, if we find them you, you will forever lose your files.
How i can restore my files?
1) Go to link: BUY DECRYPTION INFO and look your price for decryption
2) Go to BTC exchange services and buy Bitcoin
3) Buy your decryption info
BTC Guide:
Top BTC exchange sites: LocalBitcoins (We recomend), Coinbase, BTC-E,
Online wallets: Blockchainlnfo, Block.io'
Victims of the Sanctions Ransomware attack are asked to pay a ransom of 0.499 Bitcoin, approximately $578 USD.
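The two file-system indicators described above (the '.wallet' suffix and the 'RESTORE_ALL_DATA.html' note) can be checked together during triage. The following Python sketch is an added example, not code from EnigmaSoft or from the malware; it assumes the original extension stays in front of the added suffix (for example 'report.docx.wallet'), uses only a subset of the listed file types, and the function names and verdict labels are hypothetical.

```python
import os
import tempfile

NOTE_NAME = "restore_all_data.html"  # ransom note file name given on this page
MARKER_EXT = ".wallet"               # extension added to encrypted files
# Subset of the targeted file types listed on this page, lower-cased.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".zip", ".sql", ".txt"}

def scan(root):
    """Walk root and collect indicator hits by name only; no file is opened or changed."""
    report = {"notes": [], "renamed": [], "other_wallet": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            path = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                report["notes"].append(path)
            elif lower.endswith(MARKER_EXT):
                # Assumption: the original extension is kept, e.g. "report.docx.wallet".
                inner = os.path.splitext(lower[:-len(MARKER_EXT)])[1]
                key = "renamed" if inner in TARGETED else "other_wallet"
                report[key].append(path)
    return report

def verdict(report):
    """'.wallet' is shared with other families, so the note is required before attributing."""
    if report["notes"] and report["renamed"]:
        return "consistent-with-sanctions"
    if report["renamed"]:
        return "wallet-suffix-only"
    if report["notes"]:
        return "note-only"
    return "clean"

def demo():
    """Build a constructed sample tree of empty placeholder files and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("Desktop/RESTORE_ALL_DATA.html", "Documents/budget.xlsx.wallet",
                    "Documents/photo.JPG.wallet", "Documents/bitcoin.wallet",
                    "Documents/notes.txt"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        rep = scan(root)
        return verdict(rep), {k: len(v) for k, v in rep.items()}

if __name__ == "__main__":
    print(demo())
```

Files such as 'bitcoin.wallet' land in the separate 'other_wallet' bucket because a bare '.wallet' file with no targeted inner extension may be a legitimate file rather than an encrypted one.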
Dealing with the Sanctions Ransomware
Computer users shouldn't pay the Sanctions Ransomware ransom. Instead, they should take precautionary measures to ensure that their machines are well protected from threats like the Sanctions Ransomware. The single best precaution you can take against the Sanctions Ransomware and similar ransomware Trojans is to have backup copies of your files. If the recovery of the computer users' files from a backup is viable, then the con artists lose their leverage since computer users no longer have a reason to pay the ransom they demand. Apart from file backups, malware researchers advise the use of a reliable security application that is fully up-to-date.