
SERVER Cryptomix Ransomware

By GoldSparrow in Ransomware

The SERVER Cryptomix Ransomware is an encryption ransomware Trojan that PC security researchers observed on January 4, 2018. It is one of the many variants of CryptoMix, a well-known ransomware family. Like many other encryption ransomware Trojans active today, the SERVER Cryptomix Ransomware is delivered to victims through spam email messages. Victims receive an email message with an attached Microsoft Word file that contains a malicious embedded script, which downloads and installs the SERVER Cryptomix Ransomware onto the victim's computer. Computer users are tricked into allowing the download by a message claiming that there is a 'missing font' that needs to be downloaded to view the file.

The SERVER Cryptomix Ransomware Affects Numerous File Types

Once the SERVER Cryptomix Ransomware has been installed on the victim's computer, it carries out an attack that is virtually identical to most encryption ransomware attacks active today. The SERVER Cryptomix Ransomware uses a strong encryption algorithm to make the victim's files inaccessible. It targets commonly used file types, searching for user-generated files and avoiding the Windows system files. Examples of the files that may be affected by a SERVER Cryptomix Ransomware infection include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The SERVER Cryptomix Ransomware renames the affected files, replacing their names with strings of 32 letters and numbers and adding the file extension '.SERVER' to each file that it encrypts. After making the victim's files inaccessible, the SERVER Cryptomix Ransomware demands the payment of a ransom in exchange for the decryption key necessary to restore the affected files. To do this, it delivers a ransom note in the form of a text file named '_HELP_INSTRUCTION.TXT' that contains the following text:

'Hello!
Attention! All Your data was encrypted!
For specific informartion, please send us an email with Your ID number:
serverup@keemail.me
serverup@protonmail.com
serverup1@yandex.com
serverup3@yandex.com
ann.c@iname.com
Please send email to all email addresses! We will help You as soon as possible!
IMPORTANT: DO NOT USE ANY PUBLIC SOFTWARE! IT MAY DAMAGE YOUR DATA FOREVER!
DECRYPT-ID-[id] number'
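
The rename pattern and ransom note name described above can be used to triage a file share or a restored disk image for affected folders. The following Python scanner is an added example, not code from the original article; the function names and the sample tree it builds are constructed for illustration, and the only indicators it uses are the '.SERVER' extension, the 32-character name, the '_HELP_INSTRUCTION.TXT' file name and the 'DECRYPT-ID-' string from the note.

```python
import os
import re
import tempfile

# Indicators from the description above: a 32-character alphanumeric file
# name plus '.SERVER', and a ransom note with a fixed file name.
ENCRYPTED_NAME = re.compile(r"^[0-9A-Za-z]{32}\.SERVER$", re.IGNORECASE)
NOTE_NAME = "_HELP_INSTRUCTION.TXT"
NOTE_MARKER = "DECRYPT-ID-"  # string that appears in the quoted note


def scan_tree(root):
    """Map each directory under root that holds an indicator to its findings."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        encrypted = sorted(f for f in filenames if ENCRYPTED_NAME.match(f))
        note = next((f for f in filenames if f.upper() == NOTE_NAME), None)
        if not encrypted and note is None:
            continue  # nothing of interest in this directory
        has_id = False
        if note is not None:
            try:
                with open(os.path.join(dirpath, note), errors="replace") as fh:
                    has_id = NOTE_MARKER in fh.read(65536)
            except OSError:
                pass  # an unreadable note still counts as present
        findings[dirpath] = {"encrypted": encrypted, "note": note is not None,
                             "note_has_id": has_id}
    return findings


def build_sample(root):
    """Create a constructed sample tree of empty placeholder files."""
    hit, clean = os.path.join(root, "docs"), os.path.join(root, "clean")
    for directory in (hit, clean):
        os.makedirs(directory)
    for name in ("0123456789ABCDEF0123456789ABCDEF.SERVER", "report.docx",
                 "SHORTNAME.SERVER"):  # last one fails the 32-character rule
        open(os.path.join(hit, name), "w").close()
    with open(os.path.join(hit, NOTE_NAME), "w") as fh:
        fh.write("Attention! All Your data was encrypted!\nDECRYPT-ID-[id] number\n")
    open(os.path.join(clean, "notes.txt"), "w").close()
    return hit, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for directory, info in scan_tree(tmp).items():
            print(directory, len(info["encrypted"]), info["note"], info["note_has_id"])
```

A directory that reports both renamed files and a note containing the marker is a strong match; a '.SERVER' file alone can be a legitimate file and should be checked by hand.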

Protecting Your Data from Threats Like the SERVER Cryptomix Ransomware

Malware experts do not recommend following the instructions in the SERVER Cryptomix Ransomware's ransom note or contacting the criminals responsible for the SERVER Cryptomix Ransomware at one of the provided email addresses. It is extremely unlikely that these people will help the victim recover the lost data, even if a ransom is paid. Instead, precautionary steps can avoid various attacks and ensure that your data is safe. The best protection against threats like the SERVER Cryptomix Ransomware is to be able to recover your files from a backup copy in the event of an attack. This is why having file backups on the cloud or on an external memory device is the best protection against the SERVER Cryptomix Ransomware and other, similar threats that are active today and carry out similar encryption ransomware attacks on their victims' computers.
