Skymap Ransomware

The Skymap Ransomware is a threat, which was uncovered by malware experts recently. Like many other cybercriminals, the authors of the Skymap Ransomware have opted to use a well-established file-locking Trojan to build their threat on – the infamous STOP Ransomware.

It is not fully certain how the authors of the Skymap Ransomware are propagating their threat, but it is likely that they are employing fraudulent software updates, pirated content, as well as spam email campaigns containing macro-laced attachments. If the Skymap Ransomware worms its way in a system successfully, it will start its attack by scanning the machine. The scheme performed is aimed at detecting and locating the file types that the Skymap Ransomware will then lock. When the data is located, the Skymap Ransomware will begin the encryption process. When this step is completed, the names of the files locked by the Skymap Ransomware will be different than what they were prior to the attack. The Skymap Ransomware applies a '.skymap' extension to the files it locks. This means that a file, which you had named 'sunset.jpeg' originally, would be altered to 'sunset.jpeg.skymap' when the encryption process it through. The next step of the attack is to drop the ransom note. The note goes by the name '_readme.txt' and does not give out much information. The attackers do not even mention what the ransom fee is. They do, however, urge the victim to contact them by email – 'gorentos@bitmessage.ch.'

It is never recommended to give in to the demands of cybercriminals. Do not contact them and certainly do not pay them. Not only will your cash go to further their criminal activities, but there is no guarantee that they will send you a decryption key for your locked data. A better approach is to download and install a reputable anti-malware application and have it wipe the Skymap Ransomware off your system once and for all.