
'Suppteam01@india.com' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 251
First Seen: October 19, 2016
Last Seen: July 10, 2022
OS(es) Affected: Windows

The 'Suppteam01@india.com' Ransomware is an encryption Trojan that uses cryptographic mechanisms to lock the user's data and demands Bitcoins in exchange for the decryption key. The name of the Trojan is derived from the email address that affected users are directed to contact when they cannot access their files and find a text file named 'Your files are locked !!!' on their desktop. The 'Suppteam01@india.com' Ransomware claims to be a variant of the CryptoLocker Ransomware, which ceased its operations back in 2014. Since then, several copycat Trojans have emerged using @india and @yandex email accounts.

A Copycat of CryptoLocker Uses the Email Suppteam01@India.com to Collect Bitcoins

Some AV vendors are known to recognize the 'Suppteam01@india.com' Ransomware as part of the PCLock2 family of Trojans. The PCLock2 family is said to encompass crypto malware that uses the CryptoLocker brand. The payload of the 'Suppteam01@india.com' Ransomware is delivered to users in a spam campaign that uses logos from trusted services like Facebook, PayPal, and Amazon to lure users into downloading the threat dropper. Threats like the 'Suppteam01@india.com' Ransomware and the Anubis Ransomware are usually installed using the macro functionality in Microsoft Office and JavaScript.

Infected Users are Welcomed to Send 1.2 BTC to the Wallet of Extortionists

The 'Suppteam01@india.com' Ransomware is known to run as sysjar.exe and masquerade as a Java applet. The encryption process may take some time depending on the volume of data stored on the affected drives. The 'Suppteam01@india.com' crypto malware is reported to target commonly used data containers for photos, databases, text, audio, video and presentations. The 'Suppteam01@india.com' Ransomware is likely to prioritize the encryption of files on the primary system drive (the C:\ drive on most computers running Windows). Security analysts note that the 'Suppteam01@india.com' Ransomware can operate on the latest versions of Windows and does not use a custom file extension. Corrupted data containers are found to have an encrypted file header and appear with a blank icon in Windows Explorer.

As stated above, the ransom note is dropped on the desktop as 'Your files are locked !!!.txt'. The message reads:

'Support e-mail: suppteam01@india.com suppteam01@yandex.ru
Your personal files encryption produced on this computer: photos, videos, documents, etc.
Encryption was produced using a unique public key RSA-2048 generated for this computer.
To decrypt files you need to obtain the private key.
The single copy of the private key, which will allow to decrypt the files,
located on a secret server on the Internet; the server will destroy the key after 120 hours.
After that nobody and never will be able to restore files.
To obtain the private key for this computer, you need pay 1.2 Bitcoin (~761 USD)
Your Bitcoin address:
[34 random characters]
You must send 1.2 Bitcoin to the specified address and report it to e-mail customer support.
In the letter must specify your Bitcoin address to which the payment was made.
'
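A defender-side triage check built on the two traits described above: the file extension is left unchanged, but the leading bytes of each data container are overwritten, and the note 'Your files are locked !!!.txt' is dropped. This is an added example, not code from the write-up; the magic-byte table and the sample files it scans are constructed here for illustration.

```python
import os
import tempfile
from pathlib import Path

# Leading bytes expected for common data containers of the kinds the text says are
# targeted (photos, documents, archives, databases). Constructed table, not from the page.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",), ".zip": (b"PK\x03\x04",),
    ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",), ".pptx": (b"PK\x03\x04",),
    ".doc": (b"\xd0\xcf\x11\xe0",), ".xls": (b"\xd0\xcf\x11\xe0",),
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
    ".sqlite": (b"SQLite format 3\x00",),
}
RANSOM_NOTE = "Your files are locked !!!.txt"  # note filename quoted in the write-up

def looks_encrypted(suffix: str, head: bytes) -> bool:
    """True when the extension has a known magic and the leading bytes match none of them."""
    sigs = MAGIC.get(suffix.lower())
    if not sigs:
        return False  # unknown type: cannot judge from the header alone
    return not any(head.startswith(s) for s in sigs)

def triage(root) -> dict:
    """Walk root; list files whose header disagrees with their extension, plus ransom notes."""
    suspects, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if name == RANSOM_NOTE:
                notes.append(str(p))
                continue
            with open(p, "rb") as fh:
                head = fh.read(16)  # only the header is inspected, as the text describes
            if looks_encrypted(p.suffix, head):
                suspects.append(str(p))
    return {"suspects": sorted(suspects), "notes": sorted(notes)}

def demo() -> dict:
    """Constructed fixture: an intact PNG, a .jpg whose header was overwritten, a ransom note."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "intact.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
        (root / "holiday.jpg").write_bytes(b"\x8b\x1f\x42\x9a\x00\xee\x71\x3c" + b"\x11" * 32)
        (root / "notes.txt").write_bytes(b"plain text has no magic, so it is not assessed")
        (root / RANSOM_NOTE).write_text("Support e-mail: suppteam01@india.com ...")
        result = triage(root)
        return {k: sorted(Path(v).name for v in vs) for k, vs in result.items()}
```

Files with no known magic for their extension are skipped rather than flagged, so the output is a list of candidates for manual confirmation, not a definitive verdict.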

Users will be Provided with a Program Interface for the 'Suppteam01@India.com' Ransomware

The 'Suppteam01@India.com' Ransomware comes with a tool to facilitate the decryption process in case you make the payment. The program features a countdown timer and a widget that will notify the user if successful payment has been registered. The app can provide a list of encoded files and display the following message:

'Support e-mails: suppteam01@india.com suppteam01@yandex.ru
Your personal files encryption produced on this computer: photos, videos, documents, etc. Encryption was produced using a unique public key RSA-2048 generated for this computer.
To decrypt files you need to obtain the private key.
The single copy of the private key, which will allow to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that nobody and never will be able to restore files.
To obtain the private key for this computer, which will automatically decrypt files, you need pay 1.2 Bitcoin (~761 USD)
You can easily delete this software, but you must know that without it, you will never be able to get your original files back.
Disable your antivirus to prevent the removal of this software.
For more information on how to buy and send bitcoins, click 'Pay with Bitcoin'. To open a list of encoded files, click 'Show Files'.
Do not delete this list, it will be used for decryption. And do not move your files.'

We do not encourage users to comply with the terms of the 'Suppteam01@India.com' Ransomware. The cyber crooks that run the campaign of the 'Suppteam01@India.com' Ransomware are not likely to provide a decryption key and may consider installing a backdoor Trojan onto your PC as well. We have seen that practice with the Threat Finder Ransomware. Computer users should seek the assistance of a reputable anti-malware solution to remove the 'Suppteam01@India.com' Ransomware and minimize the risk of a backdoor Trojan being installed remotely. You might be able to restore data using the Shadow Volume Explorer and services like Google Drive. We should note that the best option is to recover from a backup image stored on removable media.
