Sanctions Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 4
First Seen: April 4, 2017
Last Seen: November 24, 2022
OS(es) Affected: Windows

The Sanctions Ransomware is an encryption ransomware Trojan whose ransom message includes a political cartoon mocking the sanctions enforced by the United States against Russia. The cartoon depicts Russia as a large bear about to eat former American President Barack Obama as he says 'Beware my Sanctions.' The Sanctions Ransomware is not the first ransomware Trojan with political content. Such content has been observed in previous attacks, such as ransomware with content related to Donald Trump and to Angela Merkel. The Sanctions Ransomware seems to be designed to attack English speakers and may be distributed using corrupted spam email attachments which, through the use of macros, install the Sanctions Ransomware on the victims' computers.

The Undeserved Sanction Applied by the Sanctions Ransomware

The Sanctions Ransomware uses AES-256 encryption to make the victims' files completely inaccessible. The Sanctions Ransomware will target files on all local drives, as well as on removable drives and network storage detected on the infected computer. The Sanctions Ransomware will encrypt the victims' files and then add the extension '.wallet' to each affected file's name as a way of identifying it. This extension has been observed in other ransomware attacks, although adding it seems to be a fairly common tactic and does not denote a specific relationship between this and other ransomware Trojans. The Sanctions Ransomware will encrypt the following file types, among others:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

The Sanctions Ransomware delivers its ransom note in the form of an HTML file named 'RESTORE_ALL_DATA.html' dropped on the victim's desktop. This HTML file contains the following ransom note message:

'YOUR UNIQ IDENTIFICATOR:
[RANDOM CHARACTERS]
What happened with my files?
All your files has been locked (encrypted) with Ransomware
For encrypting we using strong cryptographic algorithm AES256+RSA-2048. Do not attempt to recover the files yourself.
You might corrupt your files. We also rewrite all old blocks on HDD and you don't recover your files with Recuva and other...
YOU HAVE ONLY 5 DAYS FOR BUY YOUR DECRYPTION TOOL
It is not advised to use third party tools to decrypt, if we find them you, you will forever lose your files.
How i can restore my files?
1) Go to link: BUY DECRYPTION INFO and look your price for decryption
2) Go to BTC exchange services and buy Bitcoin
3) Buy your decryption info
BTC Guide:
Top BTC exchange sites: LocalBitcoins (We recomend), Coinbase, BTC-E,
Online wallets: Blockchainlnfo, Block.io'

Victims of the Sanctions Ransomware attack are asked to pay a ransom of 0.499 Bitcoin, approximately $578 USD.
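Because the '.wallet' extension is shared with other ransomware, a triage pass is more reliable when it combines the indicators described above. The following is an added example, not code from the original write-up: it walks a directory tree, reports copies of 'RESTORE_ALL_DATA.html', and separates '.wallet' files into strong and weak hits. The function names, the entropy threshold and the sample tree are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

NOTE_NAME = "restore_all_data.html"  # ransom note name from this page, lower-cased
MARKER_EXT = ".wallet"               # extension this page says is added
TARGETED = {".doc", ".docx", ".xlsx", ".pdf", ".jpg", ".txt", ".sql"}  # subset of the page's list
ENTROPY_MIN = 7.0  # assumption: bits per byte at or above which content looks encrypted

def shannon_entropy(data):
    """Shannon entropy in bits per byte; 0 for empty input."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def triage(root):
    """Return (notes, strong, weak) lists of paths found under root."""
    notes, strong, weak = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == NOTE_NAME:
                notes.append(path)
            elif path.suffix.lower() == MARKER_EXT:
                original_ext = Path(path.stem).suffix.lower()
                try:
                    with open(path, "rb") as fh:
                        sample = fh.read(65536)
                except OSError:
                    sample = b""  # unreadable: falls through to weak for manual review
                # '.wallet' is not family-specific: also require targeted ext + high entropy.
                hit = original_ext in TARGETED and shannon_entropy(sample) >= ENTROPY_MIN
                (strong if hit else weak).append(path)
    return notes, strong, weak

def run_demo():
    """Build a constructed sample tree (not real infection data) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Desktop").mkdir()
        (root / "Desktop" / "RESTORE_ALL_DATA.html").write_text("<html>constructed</html>")
        (root / "report.docx.wallet").write_bytes(os.urandom(4096))     # looks encrypted
        (root / "notes.txt.wallet").write_bytes(b"plain text\n" * 200)  # low entropy
        (root / "keys.wallet").write_bytes(os.urandom(4096))            # no original ext
        return tuple(sorted(p.name for p in group) for group in triage(root))

if __name__ == "__main__":
    print(run_demo())
```

Files shorter than 128 bytes cannot reach the 7.0 bits-per-byte threshold, so they land in the weak list and need manual review.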

Dealing with the Sanctions Ransomware

Computer users shouldn't pay the Sanctions Ransomware ransom. Instead, they should take precautionary measures to ensure that their machines are well protected from threats like the Sanctions Ransomware. The single best precaution you can take against the Sanctions Ransomware and similar ransomware Trojans is to have backup copies of your files. If the recovery of the computer users' files from a backup is viable, then the con artists lose their leverage since computer users no longer have a reason to pay the ransom they demand. Apart from file backups, malware researchers advise the use of a reliable security application that is fully up-to-date.
