Threat Database Ransomware '.SKUNK File Extension' Ransomware

'.SKUNK File Extension' Ransomware

By GoldSparrow in Ransomware

The '.SKUNK File Extension' Ransomware is an encryption ransomware Trojan that belongs to the Globe Imposter 2.0 family of ransomware. Threats in this family are fake versions of the infamous Globe ransomware family. These threats are developed by a different group and use imagery and characteristics of the Globe Ransomware. The '.SKUNK File Extension' Ransomware was first observed on April 17, 2018. There is very little to differentiate the '.SKUNK File Extension' Ransomware from the many other ransomware Trojans being used to attack computer users currently.

This SKUNK will Pester Your Files

The '.SKUNK File Extension' Ransomware uses AES encryption to make the victim's files inaccessible. The '.SKUNK File Extension' Ransomware will take the victim's files hostage, making them inaccessible after encryption. Once the '.SKUNK File Extension' Ransomware encrypts the files of its victims, it will deliver a ransom note. This ransom note is standard for most Globe Imposter 2.0 variants, and is contained in an HTML file named 'READ_IT.html.' This file delivers the following message to the victim:

'Your files are encrypted!
All your important data has been encrypted.
To recover data you need decryptor.
To get the decryptor you should:
pay for decrypt:
site for buy bitcoin:
Buy [RANDOM NUMBER] BTC on one of theses site:
Bitcoin address to pay: [RANDOM CHARCTERS]
Send [RANDOM NUMBER] BTC for decrypt. After the payment: Send screenshot of payment to [RANDOM EMAIL ADDRESS]. In the letter include your personal ID (look at the beginning of this document). After you will receive a decryptor and instructions. Attention! No Payment = No decryption. You really get the decryptor after payment. Do not attempt to remove the program or run the anti-virus tools. Attempts to self-decrypting files will result in the loss of your data. Decoders other users are not compatible with your data, because each user's unique encryption key.'

The '.SKUNK File Extension' Ransomware is associated with different files and messages. The following are some the file names that have been linked to the ransom note associated with attacks by the '.SKUNK File Extension' Ransomware family:

'!SOS!.html,' 'READ_IT.html'

The email addresses that have been linked to the attacks by the '.SKUNK File Extension' Ransomware family are:

'File-Help1@Ya.Ru', 'crypt_fereangos@airmail_cc', '', '',', '', ''

The '.SKUNK File Extension' Ransomware marks the files it encrypted by its attack with the file extension '.SKUNK" as its name indicates. The following are other file extensions that have been used by other variants in this threat family:

'.2cXpCihgsVxB3', '.BONUM', '.BUNNY+', '.CRAZY+', '.GORO', '.PLIN', '.PRIAPOS', '.ReaGAN', '.UNLIS', '.VYA', '.YAYA', '.au1crypt', '.nWcrypt', '.needdecrypt', '.paycyka', '.write_on_email', '.zuzya'

The '.SKUNK File Extension' Ransomware targets the user-generated files in its attack. The following are examples of the files targeted by these attacks:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Protecting Your Data from Threats Like the '.SKUNK File Extension' Ransomware

The best protection against threats like the '.SKUNK File Extension' Ransomware is to make backups of your files and keep them updated. The use of backups is the best protection. However, a security program that is fully updated should be installed and running on your computer all the time.


Most Viewed