
'' Ransomware

By GoldSparrow in Ransomware

The '' Ransomware is an encryption ransomware Trojan. The '' Ransomware was created by using elements from two other known encryption ransomware Trojans, the Crysis Ransomware and the Dharma Ransomware. However, the '' Ransomware is not the first recently released encryption ransomware Trojan to hybridize these two threats. PC security analysts suspect that the '' Ransomware belongs to a larger family of encryption ransomware Trojans that is based on this combination of elements.

Why the '' Ransomware Makes Your Files Useless

The '' Ransomware is mainly delivered to victims via spam email attachments, often in the form of corrupted Microsoft Office documents with embedded macro scripts that download and install the '' Ransomware onto the victim's computer. The main purpose of the '' Ransomware is to make the victim's data inaccessible in order to demand a ransom payment to restore access to the affected files. The '' Ransomware targets user-generated files with extensions such as the following:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '' Ransomware marks the files it encrypts by appending the file extension '.USA' to the end of each file's name.

The '' Ransomware's Ransom Demand

The main purpose of attacks like the '' Ransomware's is to extort the victims, demanding ransom payments in exchange for restoring access to the victims' files. Several versions of the '' Ransomware are currently in use, each using a different contact email in its attack. The '' Ransomware delivers a very short ransom message. This message is contained in a text file named 'FILES ENCRYPTED.txt' that is dropped on the infected computer. The '' Ransomware ransom note contains the following message:

'all your data has been locked us
You want to return?
write email [email address]'

Malware researchers advise PC users to refrain from following the instructions in the '' Ransomware ransom note and contacting these criminals. Typically, making contact with the controllers of these threats will simply expose the computer users to additional schemes.
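The two on-disk indicators described above (the appended '.USA' extension and the 'FILES ENCRYPTED.txt' note) can be checked for during triage. The following is an added example, not code from the original article; the function names, the `TARGETED` subset, the scoring thresholds and the sample folder are all assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article: appended extension and ransom note file name.
APPENDED_EXT = ".usa"
NOTE_NAME = "files encrypted.txt"
# Small subset of the targeted extensions listed in the article (assumption: enough for a demo).
TARGETED = {".jpg", ".docx", ".xlsx", ".pdf", ".sql", ".zip", ".txt"}


def scan_tree(root):
    """Walk root; collect ransom notes and files carrying the appended extension."""
    notes, renamed = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower, path = name.lower(), os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(APPENDED_EXT):
                # "report.docx.USA" -> inner extension ".docx"; a bare "map.USA" is ignored.
                inner = os.path.splitext(lower[: -len(APPENDED_EXT)])[1]
                if inner in TARGETED:
                    renamed.append(path)
    return {"notes": sorted(notes), "renamed": sorted(renamed)}


def triage(result, min_renamed=2):
    """Hypothetical scoring rule: a note plus several renamed files is a strong signal."""
    if result["notes"] and len(result["renamed"]) >= min_renamed:
        return "likely-encrypted"
    if result["notes"] or result["renamed"]:
        return "investigate"
    return "clean"


def build_sample_tree(root):
    """Constructed sample data: one affected folder and one unaffected folder."""
    for rel in ("hit/report.docx.USA", "hit/photo.jpg.USA", "hit/FILES ENCRYPTED.txt",
                "ok/notes.txt", "ok/map.USA"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder in ("hit", "ok"):
            print(folder, triage(scan_tree(os.path.join(tmp, folder))))
```

The scan only reads file names, so it can be run against a mounted backup or a disk image without touching file contents.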

Preventing the '' Ransomware Attacks

Once the '' Ransomware finishes enciphering the files, they will no longer be recoverable. Because of this, the best preventive measure computer users can take is to ensure that they can restore any data that becomes compromised, thus taking away any leverage from the criminals carrying out the '' Ransomware attack. The best way to ensure that this can happen is by having file backups and storing them on external memory devices.

