
'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware is an encryption ransomware Trojan that was first observed in March 2019. The '' Ransomware is delivered to victims mainly through compromised Microsoft Word file attachments sent in spam email messages. Once installed, the '' Ransomware carries out a typical encryption ransomware attack, making the victim's files unreachable and then demanding a ransom payment from the victim.

How the '' Ransomware Trojan Attacks a Computer

The '' Ransomware uses a strong encryption algorithm to encrypt the victim's files, a process that takes between thirty minutes and two hours. The '' Ransomware is based on Dharma and Crysis, two well-known ransomware families, and carries out a highly effective encryption ransomware attack that makes the victim's files inaccessible. The '' Ransomware targets user-generated files, which may include files with the following file extensions (as well as various others):

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '' Ransomware renames the targeted files by adding the file extension '.com' to the end of the file's name. The '' Ransomware then delivers a ransom note in the form of a text file named 'FILES ENCRYPTED.txt,' which displays the following text message on the victim's computer:

'all your data has been locked us
You want to return?
write email'

The '' Ransomware also drops a file named 'Info.hta,' which creates a program window with the following message:

'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail
Writer this ID in the title of your message: [random characters]
In case of no answer in 24 hours write us to these emails:
You will have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment, we will send you the decryption tool that will decrypt all your files.'
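The file-level artifacts described above (the '.com' extension appended after the original extension, and the 'FILES ENCRYPTED.txt' and 'Info.hta' notes) are what a responder can sweep for on a suspect host. The following Python script is an added example, not code from the original write-up: it classifies a file listing against those indicators. The sample listing, the subset of targeted extensions and the alert threshold are constructed for the example.

```python
import ntpath
import re
from collections import Counter

# Indicators taken from the write-up: the two ransom-note file names and the appended '.com'.
RANSOM_NOTES = {"files encrypted.txt", "info.hta"}
# <stem>.<original extension>.com ; ntpath is used so Windows paths parse on any host.
ENCRYPTED_NAME = re.compile(r"^.+(?P<orig>\.[A-Za-z0-9]{1,5})\.com$", re.IGNORECASE)
# Constructed subset of the targeted extensions listed above; extend with the full list.
TARGETED_EXTS = {".jpg", ".png", ".docx", ".xlsx", ".pdf", ".sql", ".py", ".zip"}
# Assumed threshold: this many renamed files alone is enough to raise an alert.
RENAMED_THRESHOLD = 5

def classify_path(path):
    """Return ('note', name), ('encrypted', original_ext) or None for one path."""
    name = ntpath.basename(path)
    if name.lower() in RANSOM_NOTES:
        return ("note", name)
    m = ENCRYPTED_NAME.match(name)
    # Requiring a known original extension avoids flagging real .com executables (cmd.com).
    if m and m.group("orig").lower() in TARGETED_EXTS:
        return ("encrypted", m.group("orig").lower())
    return None

def scan_listing(paths):
    """Summarise a listing: notes found, renamed files per original extension, verdict."""
    notes, per_ext, note_dirs = [], Counter(), set()
    for p in paths:
        hit = classify_path(p)
        if hit is None:
            continue
        kind, value = hit
        if kind == "note":
            notes.append(p)
            note_dirs.add(ntpath.dirname(p))
        else:
            per_ext[value] += 1
    return {
        "notes": notes,
        "note_dirs": sorted(note_dirs),
        "encrypted_by_ext": dict(per_ext),
        "suspected": bool(notes) or sum(per_ext.values()) >= RENAMED_THRESHOLD,
    }

# Constructed sample listing (not real data): hits, decoys and untouched files.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.com", r"C:\Users\alice\Documents\report.docx.com",
    r"C:\Users\alice\Documents\FILES ENCRYPTED.txt", r"C:\Users\alice\Pictures\holiday.jpg.com",
    r"C:\Users\alice\Pictures\Info.hta", r"C:\Windows\System32\cmd.com", r"C:\Users\alice\notes.txt",
]
```

Feed `scan_listing` the output of a recursive directory walk or a forensic file listing; the `note_dirs` field shows which folders the Trojan reached, which helps scope restoration from backup.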

Dealing with the '' Ransomware Infection

Paying the demanded ransom is not advisable. Instead of paying the '' Ransomware ransom, computer users should take steps to protect their data preemptively. The best protection is to keep backup copies of all files and to store them in well-guarded locations. Apart from file backups, it is also fundamental to have a security program capable of intercepting the '' Ransomware before it can cause damage, since once the files have been compromised by the '' Ransomware attack, they will no longer be recoverable. Since the '' Ransomware is commonly distributed via spam email messages, learning to handle such messages securely is also essential in preventing the '' Ransomware attacks.
