'.spaß File Extension' Ransomware

The '.spaß File Extension' Ransomware is an encryption ransomware Trojan that is based on the Jigsaw Ransomware, a large Trojan family that has been active since 2016. The '.spaß File Extension' Ransomware variant was observed on September 24, 2018. The '.spaß File Extension' Ransomware targets computer users located in German-speaking regions, such as Germany and Austria. The '.spaß File Extension' Ransomware carries out a typical encryption ransomware attack, taking the victim's files hostage and asking for a ransom in return to the compromised data.

Symptoms of a '.spaß File Extension' Ransomware Infection

The '.spaß File Extension' Ransomware uses the AES encryption to make the victim's files inaccessible. The '.spaß File Extension' Ransomware applies this encryption method to the user-generated files, such as media files, documents and configuration files. The files that are commonly damaged in attacks like the '.spaß File Extension' Ransomware include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '.spaß File Extension' Ransomware marks the files compromised by the attack by changing the affected files' file extension (hence the name by which the '.spaß File Extension' Ransomware is known).

The '.spaß File Extension' Ransomware's Ransom Demand

The '.spaß File Extension' Ransomware demands a ransom payment. To do this, the '.spaß File Extension' Ransomware drops a ransom note on the victim's computer. This ransom note appears as a pop-up HTA program window that delivers the following message in German:

'Alle deine Datein wurden Verschlüsselt:
Wenn du mich schliesst, kleiner machst oder den Pc ausmachst werden 1000 Datein gelöscht.
Das kann ich nicht mal verhindern.
Am 1.Tag werde ich ein paar Datein löschen.
Am 2.Tag werde ich ein paar 100 Datein löschen.
Am 3.Tag werde ich ein paar 1000 Datein löschen.
Jede Stunde werde ich 1 Datei löschen.
Wenn du deine Datein wiederbekommen möchtest, befolge die volgenden Regeln.
"Lege dir ein Bitcoin Wallet an.
Zum Beispiel https.//www.blockchain.com
Dann bezahle mir die Bitcoins.
Nur ich kan sie Entschlüsseln.
Viel spaß beim spielen created by /anonxd/'

Below is a translation of the above into English:

'All your files have been encrypted:
If you shut me down, you will make me delete 1000 files.
I can not prevent that.
On the first day, I will delete some files.
On the 2nd day, I will delete a few 100 files.
On the 3rd day, I will delete a few 1000 files.
Every hour I will delete 1 file.
If you want to get your files back, follow the rules below.
Make a Bitcoin Wallet.
For example, https.//www.blockchain.com
Then pay me the bitcoins.
Only I can decode the files.
Have fun playing created by / anonxd /'

It is recommended that computer users ignore the '.spaß File Extension' Ransomwarethes ransom demand and to take preemptive steps to make sure that their data is safe from threats like the '.spaß File Extension' Ransomware.