$$$ Ransomware

A new data-encrypting Trojan has emerged recently. The name of this new threat is $$$ Ransomware. As we can see by the name, the authors of the $$$ Ransomware are not hiding exactly what they are after – cash. Like the majority of ransomware threats, the $$$ Ransomware will make sure to encrypt all the data present on the compromised system including documents, images, videos, spreadsheets, presentations, audio files, databases, archives, etc. Often, authors of ransomware threats claim that the victim's data can only be restored with the decryption key they possess, but this is not always true.

Propagation and Encryption

Malware analysts have not yet pinpointed the exact infection vector involved in the spreading of the $$$ Ransomware. Spam emails are a likely candidate, as this is one of the most common propagation methods used by creators of data-locking Trojans. The victims would receive an email with a bogus message that tries to convince them to open a macro-laced attachment by presenting it as harmless. If the users comply and launch the attached file, their system will be infected by the $$$ Ransomware. Of course, there are other commonly used propagation techniques: malvertising campaigns, fake software updates, torrent trackers, etc. Upon compromising the targeted PC, the $$$ Ransomware will scan the files present on the system. Next, with the help of an encryption algorithm, the $$$ Ransomware will start locking all the targeted files. This file-locking Trojan will append a new extension to the affected files: '.$$$'. For example, a file named 'black-coffee.mp4' will be renamed to 'black-coffee.mp4.$$$'.

The Ransom Note

To get their message across to the user, the attackers will make sure that the $$$ Ransomware drops a ransom note on the infected system. The message of the attackers can be found in a file called 'readme.txt'. The criminals do not specify what the ransom fee is. However, rest assured that it will be a hefty sum, as most authors of ransomware require at least a few hundred dollars in exchange for a decryption key. The attackers demand that the victim get in touch with them via email. Two email addresses are provided for this purpose: 'adminsyslocker@airmail.cc' and 'lokeradmin@cock.li'.
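The two file-system artifacts described above (the appended '.$$$' extension and the 'readme.txt' note) are enough to scope an affected host. The following triage script is an added example, not code from this page or from any vendor tool; the function names `triage` and `window` are hypothetical, and it assumes a locked file's modification time approximates when it was written.

```python
import os
import sys
from datetime import datetime, timezone

LOCKED_SUFFIX = ".$$$"    # extension appended to locked files, per the page
NOTE_NAME = "readme.txt"  # ransom note name, per the page


def triage(root):
    """Map each directory under root that holds renamed files to its findings."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        locked = [f for f in files
                  if f.endswith(LOCKED_SUFFIX) and len(f) > len(LOCKED_SUFFIX)]
        if not locked:
            continue
        # lstat so a dangling symlink with a matching name cannot abort the scan.
        mtimes = [os.lstat(os.path.join(dirpath, f)).st_mtime for f in locked]
        findings[dirpath] = {
            # Strip the appended suffix to recover the original file name.
            "originals": sorted(f[:-len(LOCKED_SUFFIX)] for f in locked),
            # readme.txt is a common name, so it is only reported next to locked files.
            "note": any(f.lower() == NOTE_NAME for f in files),
            # Assumption: the locked file's mtime approximates when it was written.
            "first": min(mtimes),
            "last": max(mtimes),
        }
    return findings


def window(findings):
    """Return (locked file count, earliest mtime, latest mtime) over all findings."""
    if not findings:
        return 0, None, None
    count = sum(len(v["originals"]) for v in findings.values())
    return (count,
            min(v["first"] for v in findings.values()),
            max(v["last"] for v in findings.values()))


if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, info in sorted(result.items()):
        print(f"{path}: {len(info['originals'])} locked, note={info['note']}")
    count, first, last = window(result)
    if count:
        iso = lambda t: datetime.fromtimestamp(t, timezone.utc).isoformat()
        print(f"{count} files, written between {iso(first)} and {iso(last)}")
```

The recovered original names give a restore list to check against backups, and the time window narrows which logs to review for the initial infection.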

Malware researchers advise users against complying and paying cybercriminals like the shady actors responsible for the $$$ Ransomware. Instead, users should look into obtaining a reputable anti-virus solution that will remove the $$$ Ransomware from their computers.