'email@example.com' Ransomware Description
The 'firstname.lastname@example.org' Ransomware is an encryption ransomware Trojan that is part of a large family of ransomware known as Dharma. The 'email@example.com' Ransomware was first observed towards the second half of February 2017 and is designed to attack high-profile targets such as corporate networks and Web servers. Although the 'firstname.lastname@example.org' Ransomware may be distributed in a variety of ways, the nature of the 'email@example.com' Ransomware's targets indicates that the two likely ways in which the 'firstname.lastname@example.org' Ransomware may be distributed are targeted phishing email messages and hacking into a compromised computer directly. The first reported attacks involving the 'email@example.com' Ransomware affected servers.
The 'W(h)isper' that will Cause a Cry
The 'firstname.lastname@example.org' Ransomware is virtually identical to the numerous other variants in the Dharma ransomware family, many of which are also used to target servers. Like other members of this family, the 'email@example.com' Ransomware communicates with its Command and Control server through TOR, maintaining anonymous communications with its controllers. The main purpose of the 'firstname.lastname@example.org' Ransomware attack is to encrypt files on the infected computer, making them completely inaccessible. The 'email@example.com' Ransomware will target files on the infected computer's drives, as well as files on shared directories and external memory devices connected to the infected computer. PC security researchers have determined that the 'firstname.lastname@example.org' Ransomware will search for the following file types in its attack, and then encrypt them with a strong encryption algorithm:
.acrodata, .au3, .bak, .bat, .bin, .bmp, .chm, .dat, .db, .def, .dic, .dll, .doc, .docx, .dot, .dotm, .dotx, .dtd, .e2x, .exe, .flt, .gif, .h, .hpp, .htm, .html, .htt, .hxh, .hxl, .hxn, .hxw, .ico, .idl, .ini, .ion, .jpg, .js, .json, .jsx, .lck, .lib, .lic, .lnk, .log, .mk, .msp, .pl, .pm, .png, .pod, .ppt, .pptx, .py, .pyc, .rar, .rdf, .rtf, .sam, .scf, .sfx, .sig, .sqlite, .sst, .tcc, .tmp, .txt, .wav, .wb2, .wma, .wmdb, .wpd, .wpg, .wpl, .xa, .xbn, .xls, .xlsx, .xml, .xss, .zip.
The file types listed above include files typically found in server databases related to Mandriva and SQLite. The files encrypted by the 'email@example.com' Ransomware will be identified with a file extension added to the affected file, which may be either '.[firstname.lastname@example.org].viper2' or '.[email@example.com].viper1'. Windows will no longer recognize the files encrypted in the 'firstname.lastname@example.org' Ransomware attack, and it will not be possible to access the infected files. After encrypting the victim's files, the 'email@example.com' Ransomware will drop a ransom note on the victim's computer. This ransom note alerts the victim to the attack and demands the payment of a ransom.
Dealing with the 'firstname.lastname@example.org' Ransomware
The 'email@example.com' Ransomware's ransom note is contained in a text file named 'HOW TO DECRYPT FILES.txt' and in an HTA file named 'Read Me Please.hta', both dropped on the infected computer's Desktop. The ransom note indicates that the 'firstname.lastname@example.org' Ransomware's ransom is 3 Bitcoins, an enormous ransom for these attacks that, at the current exchange rate, is approximately $3500 USD. The files compromised in the 'email@example.com' Ransomware attack are not recoverable without the decryption key, which is held by the people responsible for the attack. Because of this, it is essential that server administrators and other likely targets of the 'firstname.lastname@example.org' Ransomware attack keep regular backups of their data, stored in an offline location. A reliable security program can also help fend off the 'email@example.com' Ransomware attacks. Below is the full text of the 'firstname.lastname@example.org' Ransomware's ransom note:
'All Your Files Was Encrypted !
Your personal ID:
Your documents, photos, databases, save games and other important data was encrypted. Data recovery is required decryptor.
Do not attempt to remove the program yourself, or run anti-virus tools.
All attempts to self-decrypting files will result in the loss of your data.
Decoders are not compatible with other users of your data, because each user's unique encryption key.'
Unfortunately, the files affected by the 'email@example.com' Ransomware are not recoverable. However, paying the ransom is not recommended since it allows these people to profit from their attacks and continue claiming new victims.
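The file markers described above (the appended '.[address].viper1' / '.viper2' extension and the two ransom note file names) can be used to scope which directories were hit before restoring from backup. The following Python sketch is an added example, not part of the original article or any vendor tool; the contact address in the extension is redacted on this page, so the pattern accepts any bracketed value, and the sample files and the address `contact@placeholder.invalid` are constructed.

```python
import os
import re
import tempfile

# Encrypted files end in ".[<contact address>].viper1" or ".viper2" (per the article).
# The address is redacted on the page, so any bracketed value is accepted here.
ENCRYPTED_RE = re.compile(r"\.\[[^\[\]]+\]\.viper[12]$", re.IGNORECASE)
# Ransom note file names given in the article, compared case-insensitively.
RANSOM_NOTES = {"how to decrypt files.txt", "read me please.hta"}


def original_name(name):
    """Strip the appended marker to recover the pre-attack file name."""
    return ENCRYPTED_RE.sub("", name)


def scan_tree(root):
    """Return ({directory: [original names of encrypted files]}, [ransom note paths])."""
    encrypted, notes = {}, []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in sorted(files):
            if name.lower() in RANSOM_NOTES:
                notes.append(os.path.join(dirpath, name))
            elif ENCRYPTED_RE.search(name):
                encrypted.setdefault(dirpath, []).append(original_name(name))
    return encrypted, notes


def build_sample_tree(root):
    """Create constructed, empty sample files so the scan can be tried offline."""
    tag = ".[contact@placeholder.invalid]"  # placeholder, not the real address
    layout = {
        "Desktop": ["HOW TO DECRYPT FILES.txt", "Read Me Please.hta"],
        "data": ["orders.sqlite" + tag + ".viper1", "report.docx" + tag + ".viper2",
                 "untouched.txt", "backup.viper1"],  # last two must not match
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits, notes = scan_tree(tmp)
        for directory, names in hits.items():
            print(f"{directory}: {len(names)} encrypted file(s): {names}")
        for path in notes:
            print(f"ransom note: {path}")
```

The per-directory list of original file names can be compared against the backup catalogue to confirm that every affected file has a restorable copy.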