
SWP Ransomware

The infamous Dharma family of ransomware threats has remained as popular among cybercriminals as ever, with new variants based on it being discovered almost daily. One of the latest to be observed in the wild is named SWP Ransomware. As a variant of the Dharma Ransomware, the SWP Ransomware doesn't display any major deviation from or improvement over its predecessors. The threat operates in typical ransomware fashion, locking the files on its victims' computers with a strong cryptographic algorithm and then extorting them for money in exchange for a possible restoration.

Indeed, the SWP Ransomware can affect numerous file types and render them inaccessible and unusable. It also changes the names of the encrypted files drastically, which is a common sight among Dharma variants. In SWP's case, an ID string assigned to each specific victim is appended to the original file name. The ID is followed by an email address under the control of the hackers responsible for unleashing SWP Ransomware, 'eusa@tuta.io'. Finally, the threat appends '.SWP' as a new file extension. Affected users will find a set of instructions left by the hackers in text files named 'FILES ENCRYPTED.txt' and as a message displayed in a pop-up window.

The text files by themselves provide little clarity, as they simply tell victims to contact either the 'eusa@tuta.io' email or an alternate address, 's1m4@protonmail.ch'. The pop-up window elaborates that the secondary email address is supposed to be used only after 12 hours pass without users receiving an answer from the first one. The ransom note also warns victims not to rename the encrypted files or attempt to decrypt them with any third-party tools, as that could have adverse effects.
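The naming scheme and ransom-note file name described above are the two artifacts a responder can search for on a suspect machine or file share. The following script is an added example written for this write-up, not code from the threat database or from the malware itself. It assumes the usual Dharma layout for the renamed files (the '.id-' prefix before the victim ID and the square brackets around the email are an assumption; the ID value, both email addresses, the '.SWP' extension and the 'FILES ENCRYPTED.txt' name are taken from the page), and it deliberately does not flag plain '.swp' files, which are also created by editors such as vim. The sample listing is constructed for the example.

```python
import re
from collections import Counter
from pathlib import Path
from typing import Optional

# ASSUMED delimiter layout: <original name>.id-<victim ID>.[<email>].SWP
# The page states the order (name, ID, email, '.SWP') but not the separators;
# '.id-' and the square brackets follow the common Dharma convention.
SWP_NAME_RE = re.compile(
    r"^(?P<original>.+?)\.id-(?P<victim_id>[0-9A-Fa-f]+)"
    r"\.\[(?P<email>[^\]]+)\]\.SWP$",
    re.IGNORECASE,
)

# Contact addresses quoted in the ransom notes on this page.
KNOWN_EMAILS = {"eusa@tuta.io", "s1m4@protonmail.ch"}
# Ransom note file name quoted on this page.
RANSOM_NOTE_NAME = "FILES ENCRYPTED.txt"


def classify_name(name: str) -> Optional[dict]:
    """Return the parsed fields if `name` follows the SWP scheme, else None."""
    m = SWP_NAME_RE.match(name)
    if not m:
        return None
    email = m.group("email").lower()
    return {
        "original": m.group("original"),
        "victim_id": m.group("victim_id").upper(),
        "email": email,
        "known_email": email in KNOWN_EMAILS,
    }


def triage(paths) -> dict:
    """Summarise a file listing: renamed files, ransom notes, IDs and emails seen."""
    encrypted, notes = [], []
    for p in paths:
        base = Path(p).name
        if base == RANSOM_NOTE_NAME:
            notes.append(p)
            continue
        parsed = classify_name(base)
        if parsed:
            parsed["path"] = p
            encrypted.append(parsed)
    return {
        "encrypted_count": len(encrypted),
        "note_count": len(notes),
        "victim_ids": dict(Counter(e["victim_id"] for e in encrypted)),
        "emails": dict(Counter(e["email"] for e in encrypted)),
        "encrypted": encrypted,
        "notes": notes,
    }


# Constructed sample listing (not real evidence): two encrypted documents, one
# encrypted spreadsheet using the secondary address, two ransom notes, one
# untouched text file and one ordinary editor swap file that must not match.
SAMPLE_LISTING = [
    "C:/Users/alice/Documents/report.docx.id-1E857D00.[eusa@tuta.io].SWP",
    "C:/Users/alice/Pictures/holiday.jpg.id-1E857D00.[eusa@tuta.io].SWP",
    "D:/share/budget.xlsx.id-1E857D00.[s1m4@protonmail.ch].SWP",
    "C:/Users/alice/Documents/FILES ENCRYPTED.txt",
    "C:/Users/alice/Desktop/FILES ENCRYPTED.txt",
    "C:/Users/alice/Documents/notes.txt",
    "C:/Users/alice/Documents/.notes.txt.swp",
]


if __name__ == "__main__":
    summary = triage(SAMPLE_LISTING)
    print(f"encrypted files: {summary['encrypted_count']}")
    print(f"ransom notes:    {summary['note_count']}")
    print(f"victim IDs:      {summary['victim_ids']}")
    print(f"contact emails:  {summary['emails']}")
    for e in summary["encrypted"]:
        print(f"  {e['path']} -> original '{e['original']}', "
              f"known attacker email: {e['known_email']}")
```

In a real incident the listing would come from walking the affected volumes (for example with `Path(root).rglob('*')`) rather than from the constructed list; the `original` field is what lets you reconcile each renamed file against a backup catalogue before restoring, and the per-ID counts show whether more than one victim ID (and therefore more than one infected host) touched a shared drive.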

The full set of instructions displayed in the pop-up window is:

'YOUR FILES ARE ENCRYPTED

Don't worry,you can return all your files!

If you want to restore them, follow this link:email eusa@tuta.io YOUR ID 1E857D00

If you have not been answered via the link within 12 hours, write to us by e-mail:s1m4@protonmail.ch

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The 'FILES ENCRYPTED.txt' message is:

'all your data has been locked us

You want to return?

write email eusa@tuta.io or s1m4@protonmail.ch'

The ransom note explains to victims that their files are encrypted and that the only way to get them back is to send money to the perpetrators. The message also warns users against using third-party decryption tools or attempting to rename encrypted files, as doing so could lead to permanent data loss. Victims receive a unique ID that they are told to quote when contacting the attackers. The ransom note doesn't mention a specific ransom amount or payment method; victims only learn those from the attackers directly.

Should You Pay the Ransom?

The one claim you can trust the cybercriminals on is that only they can decrypt the encrypted data. However, you should never give them your money or comply with other ransom demands. There have been several cases where victims did not receive the decryption software they paid for, leaving them out of both money and data.

Cybercriminals could also exploit your contact with them to take things further. The "decryption software" could load additional malware onto your computer, even if it does remove the encryption. One should never take a criminal at their word. Instead, look towards other options for restoring your data.

How to Restore Files Affected by SWP

The first thing to do whenever you are hit by malware is to remove the threat in question. There are many software solutions out there for malware removal, and nearly all of them can get the job done. Antivirus apps find and remove viruses and malware quickly and automatically. Unfortunately, removing the malware won't be enough to get your data back. The only way to do that is to use a data backup, such as an external backup or cloud backup. Removing the malware first prevents it from doing further damage or encrypting files again as soon as you restore them. You may also want to keep a copy of the encrypted files in case public decryption software is made available in the future.

How to Avoid Malware Attacks

There are various viruses out there in the world, each designed for a different purpose. Keyloggers steal passwords and user data, for example. For ransomware, the goal is to hold files to ransom and make a profit from unsuspecting users. As different as these threats are, they share some commonalities, such as how they are distributed. The primary distribution methods for computer viruses are spam emails and file-sharing platforms.

File-sharing sites such as BitTorrent and The Pirate Bay are a breeding ground for viruses like SWP. Cybercriminals name their malware after popular games and software or bundle it with cracks for that software. There are more risks to downloading illegal software than you may realize, and we highly recommend avoiding such practices in the future.

Everyone has received spam emails at some point, but not everyone understands that viruses are often hidden in them. Virus creators craft emails that appear legitimate but have malicious links and attachments. Clicking on these links or downloading these attachments infects your computer. Take a no-spam approach to your email to keep your computer safe.
