Storm Ransomware

The Storm Ransomware is an encryption ransomware Trojan that is used to carry out an encryption attack to extort victims. This is a common attack method that has become extremely popular since 2014. The countless variants of encryption ransomware Trojans that exist currently carry out attacks that are identical virtually; they encrypt the victims' files using a strong encryption method, make them inaccessible, and then request that the victim pays a ransom in exchange for the decryption key. It is important to take preventive measures against ransomware Trojans like the Storm Ransomware.

Where the Storm Ransomware Receives Its Name

In its attack, the Storm Ransomware will demand that the victims contact its perpetrators using the email address 'stormransomware' at Gmail, which is the source of the Storm Ransomware's name. The people responsible for these attacks will rarely use these public email addresses since Google can take them down due to their association with threat attacks and distribution. This points to a theory that the Storm Ransomware either is unfinished, in progress, or it was created by amateurs or poorly implemented. One other aspect of the Storm Ransomware is that the password for this email address is lying around in the Storm Ransomware's code.

Distribution Methods Used by the Storm Ransomware

The most common way of delivering the Storm Ransomware to victims is through the use of spam email messages. Victims will receive unsolicited email messages that contain file attachments. The file attachments used to deliver ransomware Trojans like the Storm Ransomware may the form of Microsoft Word files with enabled macros. These files use corrupted macro scripts to download and install the Storm Ransomware on the victim's computer when the victim opens the corrupted file.

How the Storm Ransomware Carries out Its Attack

Once the Storm Ransomware has been installed on the victim's computer, the Storm Ransomware will scan the affected computer's drives in search for certain file types. The Storm Ransomware will target the user-generated files while leaving intact the files required by the Windows operating system. Typically, the Storm Ransomware will encrypt numerous file types, which may include music, audio, video, images, databases, text, eBooks, and numerous other popular file types. The Storm Ransomware uses a strong encryption algorithm to ensure that the files encrypted by the Storm Ransomware attack cannot be recovered without the decryption key, which the con artists hold in their power. The Storm Ransomware runs as 'Stub.exe' on the infected computer. In its attack, this ransomware Trojan will encrypt the following file types (among others):

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, ,doc, .epub, .docx .fb2, .flv, .gif, .gz, .iso .ibooks,.jpeg, .jpg, .key, .mdb .md2, .mdf, .mht, .mobi .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The Storm Ransomware’s Ransom Demand

The Storm Ransomware demands a ransom by displaying a program window titled 'Storm Ransomware' on the infected computer. The full text of the Storm Ransomware's ransom demand message reads:

'Hello You he Hacked Now !! Al your personal files have been encrypted ! if you want restore your data you have to pay ! Remember you cant restore your data without our decryptor !!!!
Send mony to my bitcoin : ertyuioppoiuhygtfrdeRFTGYHDEZEFFZEF [Copy|button]
Contact Me : StonnRansomware@gmaicom'

PC security researchers strongly advise computer users to disregard the message in the Storm Ransomware's ransom note. It is not encouraged to pay the ransom these threat infections demand. Instead, PC security analysts advise restoring the affected files from backup copies and removing the Storm Ransomware using a reliable security program that is fully up-to- date.