
SnowPicnic Ransomware

By GoldSparrow in Ransomware

The SnowPicnic Ransomware is an encryption ransomware Trojan. The SnowPicnic Ransomware was first observed on Halloween, October 31, 2018. The SnowPicnic Ransomware is delivered to victims mainly via spam email attachments. The SnowPicnic Ransomware carries out an attack that compromises the victims' data, and precautions should be taken to make sure that you are protected from the SnowPicnic Ransomware and similar threats.

A SnowPicnic Should be Something as Unpleasant as a SnowPicnic Infection

The victims of the SnowPicnic Ransomware attack will receive a PDF or Microsoft Word document as a spam email attachment, and the SnowPicnic Ransomware will be installed onto their computers by macro scripts contained in these documents. Once the SnowPicnic Ransomware is installed, it uses a strong encryption algorithm to make the victim's files inaccessible. The SnowPicnic Ransomware is derived from other ransomware Trojans detected earlier in 2018 and doesn't execute a new attack type. The SnowPicnic Ransomware targets the user-generated files in its infection process, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The SnowPicnic Ransomware marks the files it has targeted by adding the file extension '.snowpicnic' to the affected file's name. The SnowPicnic Ransomware drops ransom notes onto the victim's computer. These ransom notes will appear as HTML and TXT files named 'Read,' both of which contain the following message for the victim:

'Your files has been encrypted with Millitary Grade Algorithm AES-256 (Advanced Encrypting Standard) h[tt]ps://en.wikipedia[.]org/wiki/Advanced_Encryption_Standard,
And for decrypt: Buy to my wallet 0 bitcoins, not 0.5, not 1, not 2,0 bitcoins!ator will be crypted, obfuscated, and encoded with ASCII chars. Abort - spread to all computers. Retry - Record to BIOS and Hard Disk for installation and spreading before reinstalled:***
Good luck!
Good bye!'

Dealing with a SnowPicnic Ransomware Attack

Ransomware victims are usually provided with an email address or other contact information to contact the criminals and pay a ransom. However, the SnowPicnic Ransomware does not include this information, which essentially makes it function as a data wiper, since there may be no way to decrypt the compromised data. The best you can do to protect your machine against threats like the SnowPicnic Ransomware is to have the means to restore the compromised files. The best way to do this is to have backup copies of all of your data. These backups will enable computer users to replace the encrypted copies with their backups after the attack. A security program should also be used to protect your computer from ransomware Trojan attacks.
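The following Python script is an added example, not part of the original write-up or any vendor tool. It inventories files carrying the '.snowpicnic' extension and the 'Read' notes described above, then pairs each affected file with its clean copy in a backup tree so that restoration can be planned. The function names, the note suffixes and the assumption that the extension is appended to the full original file name are illustrative.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".snowpicnic"                     # extension named in the article
NOTE_STEM = "read"                         # notes are files named 'Read'
NOTE_SUFFIXES = {".html", ".htm", ".txt"}  # assumption: exact note suffixes

def triage(infected_root, backup_root):
    """Sort an affected tree into (restorable, unrecoverable, notes)."""
    infected_root, backup_root = Path(infected_root), Path(backup_root)
    restorable, unrecoverable, notes = [], [], []
    for dirpath, _dirs, files in os.walk(infected_root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                # Assumption: the marker is appended to the full original
                # name (report.docx -> report.docx.snowpicnic).
                original = path.with_name(name[:-len(MARKER)])
                backup = backup_root / original.relative_to(infected_root)
                if backup.is_file():
                    restorable.append((path, backup))
                else:
                    unrecoverable.append(path)
            elif (path.stem.lower() == NOTE_STEM
                  and path.suffix.lower() in NOTE_SUFFIXES):
                notes.append(path)   # flagged for review, never deleted
    return sorted(restorable), sorted(unrecoverable), sorted(notes)

def build_demo(base):
    """Create a constructed sample: an affected tree and a partial backup."""
    infected, backup = Path(base) / "infected", Path(base) / "backup"
    for rel in ("docs/report.docx", "docs/budget.xlsx", "pics/cat.jpg"):
        enc = infected / (rel + MARKER)
        enc.parent.mkdir(parents=True, exist_ok=True)
        enc.write_bytes(b"constructed ciphertext placeholder")
    for rel in ("docs/report.docx", "pics/cat.jpg"):  # budget.xlsx has no backup
        good = backup / rel
        good.parent.mkdir(parents=True, exist_ok=True)
        good.write_bytes(b"constructed clean copy")
    (infected / "docs" / "Read.txt").write_text("constructed note")
    (infected / "Read.html").write_text("constructed note")
    return infected, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ok, lost, found_notes = triage(*build_demo(tmp))
        for enc, src in ok:
            print(f"RESTORE    {src} -> {enc.with_name(enc.name[:-len(MARKER)])}")
        for enc in lost:
            print(f"NO BACKUP  {enc}")
        print(f"{len(found_notes)} ransom note(s) found")
```

The script only reads and reports; files listed as NO BACKUP are the ones the article's data-wiper observation applies to, and any file that merely happens to be named 'Read' is listed for manual review rather than treated as confirmed.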
