
'Savepanda@india.com' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: August 25, 2016
Last Seen: April 18, 2018
OS(es) Affected: Windows

Crysis, a well-known threat that emerged in March of 2016, has spawned various variants this summer. The 'Savepanda@india.com' Ransomware is one variant of Crysis, and it carries out a fairly typical encryption ransomware attack on its victims. The 'Savepanda@india.com' Ransomware infection is simple: the 'Savepanda@india.com' Ransomware enters the victim's computer through covert means, encrypts the victim's files (essentially taking them hostage), and then displays a ransom note with directions on how to pay the ransom and receive the means to decrypt the files.

Unfortunately, the files that have been encrypted by the 'Savepanda@india.com' Ransomware and other Crysis variants cannot be recovered without access to the decryption key (which is stored in the 'Savepanda@india.com' Ransomware's command and control servers). This is one of the reasons for the steady growth in encryption ransomware attacks in recent years; even if the 'Savepanda@india.com' Ransomware is removed with the help of a reliable security program, the files it encrypted will remain inaccessible until the victim has access to the decryption key. Because of this, attacks like the 'Savepanda@india.com' Ransomware are best dealt with preemptively. Backing up data to an external device and using a reliable security program are two of the best ways to protect yourself from the 'Savepanda@india.com' Ransomware and other Crysis variants.

The 'Savepanda@india.com' Ransomware has Nothing to do with Animal Preservation

The 'Savepanda@india.com' Ransomware may be delivered as an attachment to a spam email message. These corrupted email attachments may be disguised as legitimate files, such as receipts or shipping invoices. Because of this, avoid opening unsolicited email attachments and always confirm through external means (such as a phone call) when a suspicious email message and attachment arrive in your inbox.

Once the 'Savepanda@india.com' Ransomware has entered the victim's computer, it uses a strong encryption algorithm to encrypt the victim's files. The 'Savepanda@india.com' Ransomware will search for files with certain file extensions to carry out its encryption attack. After encrypting the victim's files, the 'Savepanda@india.com' Ransomware will drop ransom notes in the form of text and HTML files in every directory where it has encrypted files. The 'Savepanda@india.com' Ransomware will also change the victim's Desktop Wallpaper image. The 'Savepanda@india.com' Ransomware will search for the following file types when it infects a computer:

.odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps.

Dealing with the 'Savepanda@india.com' Ransomware and Other Crysis Variants

PC security analysts strongly advise computer users to avoid paying the ransom demanded by the 'Savepanda@india.com' Ransomware. There is no assurance that the con artists responsible for the 'Savepanda@india.com' Ransomware will deliver the means to decrypt the affected files, and there have been cases where the con artists demanded an additional ransom payment. Instead, malware analysts recommend the recovery of the affected files from a backup.
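Because recovery depends entirely on the backup, it helps to check that the backup actually covers the file types this threat targets. The following is an added example, not part of the original article or any vendor tool: a Python audit that reports files with targeted extensions whose backup copy is missing or older than the original. The extension set is a subset of the list above; the function names, directory layout and sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Subset of the extensions listed in this article; paste in the full list as needed.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt",
            ".csv", ".pst", ".mdb", ".psd", ".zip", ".7z", ".pem", ".pfx"}

def audit_backup(source_root, backup_root, targeted=TARGETED):
    """List targeted-extension files whose backup copy is missing or older."""
    source_root, backup_root = Path(source_root), Path(backup_root)
    report = {"missing": [], "stale": []}
    for path in sorted(source_root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in targeted:
            continue
        rel = path.relative_to(source_root)
        copy = backup_root / rel
        if not copy.is_file():
            report["missing"].append(rel.as_posix())
        elif copy.stat().st_mtime < path.stat().st_mtime:
            report["stale"].append(rel.as_posix())
    return report

def _make(path, mtime):
    """Create a constructed sample file with a fixed modification time."""
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text("sample")
    os.utime(path, (mtime, mtime))

def demo():
    """Run the audit over a constructed tree (all names are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "data"), Path(tmp, "backup")
        _make(src / "report.DOCX", 2000)       # edited after the last backup
        _make(bak / "report.DOCX", 1000)
        _make(src / "notes.txt", 1000)         # backup is current
        _make(bak / "notes.txt", 2000)
        _make(src / "tax" / "2016.pdf", 1000)  # never backed up
        _make(src / "tool.exe", 1000)          # extension not on the list, ignored
        return audit_backup(src, bak)

if __name__ == "__main__":
    print(demo())
```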
