'Seven_legion@aol.com' Ransomware

PC security analysts have received reports of 'Seven_legion@aol.com' Ransomware infections. They are part of a large wave of ransomware infections belonging to the Crysis threat family. This latest group of Crysis variants is characterized by the use of aol.com contact email addresses. Like most ransomware Trojans active today, the 'Seven_legion@aol.com' Ransomware is designed to enter a computer, encrypt the victim's files, and then demand that the victim pays a large ransom in exchange for the means to decrypt the affected files. The best protection from the 'Seven_legion@aol.com' Ransomware is to ensure that all data is backed up on an external memory device properly. A reliable security program that is fully up-to-date and from a reputable source should also be used since they can intercept the 'Seven_legion@aol.com' Ransomware before it carries out its attack. Unfortunately, you may not find a way to decrypt files that have been infected by the 'Seven_legion@aol.com' Ransomware currently. Fortunately, it seems that PC security analysts are closer than ever to creating a decryption utility for the 'Seven_legion@aol.com' Ransomware and other Crysis variants.

How the 'Seven_legion@aol.com' Ransomware may Infect a Computer

The files that are encrypted by the 'Seven_legion@aol.com' Ransomware are no longer accessible to the computer user. The 'Seven_legion@aol.com' Ransomware will demand a large ransom payment from the victim to provide the decryption key (frequently between $600 and $1800 USD in BitCoin). Computer users should refrain from paying the 'Seven_legion@aol.com' Ransomware ransom, both because it enables third parties to continue creating threats and carrying out attacks, and because there is no guarantee that the people responsible for the 'Seven_legion@aol.com' Ransomware attack will honor their word and return the victim's files to normal. Most likely, they will keep the money and never respond, or even ask for more money! The 'Seven_legion@aol.com' Ransomware alerts its victims of the attack by delivering ransom notes in the form of text and HTML notes dropped into directories where files were encrypted. The 'Seven_legion@aol.com' Ransomware also will change the victim's Desktop image.

The 'Seven_legion@aol.com' Ransomware Infection and Its Ransom Message

In most cases, the 'Seven_legion@aol.com' Ransomware is delivered via corrupted email attachments. Crysis variants will encrypt the following types of files:

.odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps.

Threats like the 'Seven_legion@aol.com' Ransomware uses a ransom note similar to other Crysis variants. The following is a typical ransom note that has been observed in attacks belonging to other ransomware Trojans created on the Crysis engine:

'Attention! Your computer was attacked by virus-encoder.
All your files are encrypted cryptographically strong, without the original key recover is impossible! To get the decoder and the original key, you need to to write us at the email: the 'Seven_legion@aol.com' Ransomware with subject "encryption" stating your id.
Write in the case, do not waste your and our time on empty threats.
Responses to letters only appropriate people are not adequate ignore.
P.S. only in case you do not receive a response from the first email address within 48 hours please use this alternative email goldman0@india.com.'