SkyFile Ransomware

The SkyFile Ransomware is an encryption ransomware Trojan that was first observed on April 7, 2018. The SkyFile Ransomware is an encryption ransomware Trojan, meaning that it uses an encryption algorithm to make the victim's files inaccessible to take them hostage. Threats like this demand a ransom payment in exchange for the decryption key, necessary to restore access to the affected files. PC security researchers advise taking precautions against these threats to ensure that your data is safe.

How the SkyFile Ransomware Trojan Affects a Computer

The SkyFile Ransomware uses the AES encryption to make the victim's files inaccessible. The SkyFile Ransomware will target the user-generated files, which may include a wide variety of file types, including the following:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

In fact, the SkyFile Ransomware targets a very large number of file types, more than 7000, according to PC security researchers. The SkyFile Ransomware can be delivered in a wide variety of ways, which may include social engineering, exploit kits, and take advantage of unsecured RDP connections. However, the most common method for delivering the SkyFile Ransomware and similar threats is through the use of spam email messages wit corrupted file attachments.When the SkyFile Ransomware attack corrupts a file, it will be marked with the file extension '.sky.'

The SkyFile Ransomware’s Ransom Demand

The SkyFile Ransomware delivers a ransom note in the form of a text file named 'HOW TO DECRYPT.txt' after encrypting the victim's files. However, this ransom note does not contain any information about the ransom amount or payment. The following is the text of the SkyFile Ransomware ransom note:

'Oops, all your files have been encrypted =(
To decrypt your files, write to me at the e-mail: getsend@tutanota.com
Your data for decryption:
Private ID: ***
Private Key: *****'

The SkyFile Ransomware also has been associated with an executable file named 'SkyFile Decryptor.exe,' which is delivered to the victim's desktop. This file displays a program window that contains the following text:

'Oops, your files have been encrypted. Such as: photos, videos, documents, etc. To decrypt your files, read HOW TO DECRYPT.txt.'

The SkyFile Ransomware delivers a decryptor named 'SkyFile Decryptor | Zeus CitadeL.' However, this don't, in any way, indicates that the SkyFile Ransomware is related to the Zeus Trojan, however.

Dealing with the SkyFile Ransomware

A preliminary study of the SkyFile Ransomware Trojan indicates that the AES encryption used in the SkyFile Ransomware attack is not implemented correctly so that it may be possible for PC security researchers to create a tool or a decryption utility to help computer users recover their data. However, in most cases, it is impossible to restore files encrypted by these attacks. Because of this, it is always a good idea to have file backups stored on the cloud or an external storage device. Having access to file backups means that computer users can restore their files immediately by replacing the versions corrupted by the SkyFile Ransomware with the backup version. Computer users also should set up a security program that is fully up-to-date to intercept these infections before they carry out their attacks.