
'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware is an encryption ransomware Trojan, designed to take victims' files hostage to extract a ransom payment. The '' Ransomware is a variant in the Scarab family of ransomware, a large family of encryption ransomware Trojans that has been active for several years. The '' Ransomware itself was first observed on January 21, 2019. It is important that computer users take preventive measures to limit the extent of the damage from an infection like the '' Ransomware.

How the '' Ransomware Carries Out Its Attack

The '' Ransomware is typically delivered to victims through a corrupted file attached to a spam email message, often a Microsoft Office file with embedded macro scripts. Once the '' Ransomware is installed, it uses AES encryption to make the victim's files inaccessible. The '' Ransomware's attack targets user-generated files, which may include a wide variety of media files, images, documents, databases, and other commonly used file types, such as the following:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '' Ransomware marks the files it encrypts by adding the file extension '.[Traher@Dr.Com]' to the end of each affected file's name. It then delivers a ransom note that demands a payment from the victim. The '' Ransomware's ransom note is very similar to the ransom notes used by other Scarab ransomware variants. It is contained in a text file named "Read me what to restore files.txt" that delivers the following message to the victim:

'Your files are now encrypted!
Your personal ID:
[random characters]
What happened?
Your important documents, databases, documents, network folders are encrypted for your PC security problems.
No data from your computer has been stolen or deleted.
Follow the instructions to restore files.
How to get the automatic decryptor:
1) Contact us by email In the letter indicate your personal identifier (look at the beginning of this document)
and the external ip-address of the computer which the encrypted files are located.
2) After answering your request, our operator will give toy further instructions that will show what to do next (the answer you will receive as soon as possible)
**Second email address:'
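
The two on-disk indicators described above (the appended '.[Traher@Dr.Com]' extension and the note file name) are enough to scope an infection during triage. The following Python sketch is an added example, not part of the original write-up; the function names and the sample directory tree are constructed for illustration, and it assumes the marker is simply appended to the original file name, as the text states.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the description above, lower-cased for comparison.
MARKER_EXT = ".[traher@dr.com]"                   # extension appended to encrypted files
NOTE_NAME = "read me what to restore files.txt"   # ransom note file name


def triage(root):
    """Walk root and return {directory: {"notes": [...], "encrypted": [(name, original)]}}."""
    findings = defaultdict(lambda: {"notes": [], "encrypted": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered == NOTE_NAME:
                findings[dirpath]["notes"].append(name)
            elif lowered.endswith(MARKER_EXT) and len(name) > len(MARKER_EXT):
                # Strip the marker to recover the pre-encryption name for the inventory.
                original = name[: -len(MARKER_EXT)]
                findings[dirpath]["encrypted"].append((name, original))
    return dict(findings)


def summarize(findings):
    """Return (affected directories, encrypted file count, ransom note count)."""
    enc = sum(len(v["encrypted"]) for v in findings.values())
    notes = sum(len(v["notes"]) for v in findings.values())
    return len(findings), enc, notes


def build_sample_tree(base):
    """Create a constructed sample tree of empty files for the demo."""
    layout = {
        "docs": ["report.docx.[Traher@Dr.Com]", "Read me what to restore files.txt"],
        "pics": ["photo.jpg.[TRAHER@DR.COM]", "untouched.png"],
        "clean": ["notes.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(base, sub), exist_ok=True)
        for n in names:
            open(os.path.join(base, sub, n), "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        for directory, hits in sorted(result.items()):
            print(directory, hits)
        print(summarize(result))
```

The per-directory inventory of original names can be compared against backup catalogs to decide what needs restoring.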

Protecting Your Data from Threats Like the '' Ransomware

The best protection against threats like the '' Ransomware is to have backup copies of your files and to store these backup copies in the cloud or on an external memory device. Apart from file backups, computer users should use a security program to protect their computers from intrusion. These two measures alone are generally enough to ensure that most computers remain safe from attacks like these.

