
'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware is an encryption ransomware Trojan first observed on February 19, 2019. The name '' Ransomware is used by many computer security vendors, but some may prefer to use the name SeedLocker Ransomware. The '' Ransomware is typically delivered to the victims via corrupted spam email attachments, generally in the form of Microsoft Office files with embedded macro scripts that download and install the '' Ransomware onto the victim's computer. The '' Ransomware is being distributed through fake fonts scattered online. The '' Ransomware carries out a typical encryption ransomware attack by compromising the victim's files to keep them hostage and then demanding a ransom payment from the victim in exchange for a decryption key.

Why the '' Ransomware Attacks a Computer

The '' Ransomware's attack targets the user-generated files, which may include a wide variety of media files, documents, databases, configuration files, and numerous other data containers. The '' Ransomware attack doesn't mark the files with a new file extension or text string, as is common with many other encryption ransomware Trojans. Once the '' Ransomware has encrypted the victim's files, the '' Ransomware delivers a ransom demand in a ransom note contained in a text file named '!#_How_to_decrypt_files_#!.txt,' which contains the following message:

'>>> SEED LOCKER <<<
Hello , dear friend !
1. [ ALL YOUR FILES HAVE BEEN ENCRYPTED! ]
Your files are NOT damaged! Your files are modified only. This modification is reversible.
The only 1 way to decrypt your files is to receive the decryption program.
2. [ HOW TO RECOVERY FILES? ]
To receive the decryption program write to email: or Ad in subject write your ID: id-[5 random characters]
3. [ FREE DECRYPTION! ]
Free decryption as guarantee.
We guarantee the receipt of the decryption program after payment.
To believe, you can give us up to 3 files that we decrypt for free.
Files should not be important to you! (databases, backups, large excel sheets, etc.)'

The data containers that threats like the '' Ransomware typically target in these attacks include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
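A triage sketch for the behaviour described above, added here as an example and not code from the original page: because the files are not renamed, it looks for the ransom note by its file name and flags files whose header no longer matches their extension. The function names, the signature table and the sample tree are constructed for illustration, and the header check assumes the encryption overwrites the start of each file, which the page does not state.

```python
import os
import tempfile

NOTE_NAME = "!#_How_to_decrypt_files_#!.txt"  # ransom note name given on the page
# Standard file signatures for a few of the extensions in the list above.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",), ".zip": (b"PK\x03\x04", b"PK\x05\x06"),
    ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",),
}

def triage(root):
    """Return (note_paths, mismatch_paths) for the tree under root."""
    notes, mismatches = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                notes.append(path)
                continue
            sigs = MAGIC.get(os.path.splitext(name)[1].lower())
            if sigs is None:
                continue  # no signature known for this extension
            try:
                with open(path, "rb") as fh:
                    head = fh.read(16)
            except OSError:
                continue  # locked or unreadable: skip, keep sweeping
            # Assumption: encryption overwrites the start of the file.
            if head and not head.startswith(sigs):
                mismatches.append(path)
    return sorted(notes), sorted(mismatches)

def make_sample(root):
    """Constructed sample tree: one intact PNG, one scrambled PDF, one note."""
    os.makedirs(os.path.join(root, "docs"))
    samples = {
        "ok.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        os.path.join("docs", "report.pdf"): bytes(range(16, 48)),
        os.path.join("docs", NOTE_NAME): b">>> SEED LOCKER <<<",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        print(triage(tmp))
```

A header mismatch on its own also occurs with mislabelled or corrupted files, so treat it as a lead that gains weight when the note file is found in the same tree.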

Dealing with the '' Ransomware Infection

The best protection against threats like the '' Ransomware, as with most encryption ransomware Trojans, is to have the ability to restore the encrypted data. Because of this, it is best that computer users keep backup copies of their files. Apart from file backups, it is also fundamental to have an anti-malware program, which can be used to intercept a '' Ransomware attack before it happens and to remove the threat in the case of an attack.

