
By GoldSparrow in Ransomware

The '' Ransomware is an encryption ransomware Trojan, designed to take the victims' files hostage and then demand a ransom payment, promising to return the affected data after the victim pays. The '' Ransomware was first observed by malware researchers on February 4, 2019, and carries out a typical attack of this kind. It is a variant of a preexisting ransomware threat, the RotorCrypt Ransomware, which has been around since October 2017 and has spawned several variants since it was first released.

How to Recognize the Files Changed by the '' Ransomware Attack

The '' Ransomware's main targets are small business networks and servers. The '' Ransomware can spread in several ways, including through compromised RDP (Remote Desktop Protocol) accounts and corrupted spam email attachments. Once installed on a computer, it uses a strong encryption algorithm to make the victim's files inaccessible. The '' Ransomware targets user-generated files, which may include a wide variety of file types, including media files, documents, databases, configuration files and numerous others. The '' Ransomware and similar threats target the following file types in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '' Ransomware attack marks the damaged files with the file extension '!' added to the end of each affected file's name.

The '' Ransomware's Ransom Demand

It appears that the '' Ransomware is still under development, since its ransom note is currently unfinished. The '' Ransomware drops a text file named 'readme.txt' on the infected computer. Ransom notes of this kind typically demand that the victim contact the criminals and pay a ransom to restore the affected files. However, the '' Ransomware's ransom note currently contains only the following text, which is clearly a placeholder:

'ROTO Readme file ROTO Readme file ROTO Readme file ROTO Readme file ROTO Readme file ROTO Readme file ROTO Readme file ROTO Readme file ROTO Readme file'

Previous versions of the '' Ransomware and most encryption ransomware Trojans demand that the victim contact the criminals via email and pay a ransom using Bitcoin or other digital currency.
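The two artifacts described above, files renamed with the threat's marker extension and a 'readme.txt' containing the placeholder text, are what a responder would look for when triaging a file server. The following script is an added example, not code from the original article or from any analysis of the threat: it walks a directory tree, counts files carrying a marker suffix, reports which of the targeted file types were hit, and flags any 'readme.txt' whose content matches the quoted placeholder. The `MARKER_SUFFIX` value is a constructed placeholder, since the real marker is not reproduced on this page; the sample tree is also constructed.

```python
import shutil
import tempfile
from pathlib import Path

# Subset of the extensions the article lists as targeted, used to tell a
# responder which kinds of data were hit.
TARGETED_EXTENSIONS = {".jpg", ".docx", ".xlsx", ".sql", ".pdf", ".zip"}

# Constructed placeholder (assumption) for the marker the threat appends to
# each encrypted file name; substitute the value observed on the victim host.
MARKER_SUFFIX = "!PLACEHOLDER_MARKER"
NOTE_NAME = "readme.txt"          # note file name given in the article
NOTE_TEXT = "ROTO Readme file"    # placeholder text quoted in the article


def scan_tree(root):
    """Walk `root` and report marked files and matching ransom notes."""
    root = Path(root)
    marked = []   # (relative path, original extension)
    notes = []    # relative paths of readme.txt files with the placeholder text
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name.endswith(MARKER_SUFFIX):
            # Strip the marker to recover the original name and its extension.
            original_name = path.name[: -len(MARKER_SUFFIX)]
            marked.append((rel, Path(original_name).suffix.lower()))
        elif path.name.lower() == NOTE_NAME:
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue
            if NOTE_TEXT in text:
                notes.append(rel)
    hit_types = sorted({ext for _, ext in marked if ext in TARGETED_EXTENSIONS})
    return {
        "marked_files": len(marked),
        "marked_types": hit_types,
        "note_files": sorted(notes),
        # Renamed files plus a matching note is a much stronger signal
        # than either artifact on its own.
        "likely_infected": bool(marked) and bool(notes),
    }


def demo_report():
    """Build a constructed directory tree, scan it and return the report."""
    root = Path(tempfile.mkdtemp(prefix="roto-demo-"))
    try:
        (root / "db").mkdir()
        (root / ("photo.jpg" + MARKER_SUFFIX)).write_bytes(b"\x00" * 16)
        (root / ("report.docx" + MARKER_SUFFIX)).write_bytes(b"\x00" * 16)
        (root / "db" / ("sales.sql" + MARKER_SUFFIX)).write_bytes(b"\x00" * 16)
        (root / "notes.txt").write_text("untouched file")
        (root / "readme.txt").write_text(" ".join([NOTE_TEXT] * 9))
        (root / "db" / "readme.txt").write_text("ordinary project readme")
        return scan_tree(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo_report())
```

On a real host you would point `scan_tree` at the shares the threat is known to hit and feed the counts into your incident ticket; a sudden jump in `marked_files` across a share is also a reasonable trigger for an automated alert.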

Protecting Your Data from Threats Like the '' Ransomware

Since the '' Ransomware uses strong encryption methods, it is not currently possible to restore files encrypted by the '' Ransomware and similar threats. This is why computer users are strongly advised to take steps to protect their data preemptively. The best protection against these threats is to have the means to restore any compromised files without having to contact the criminals. To achieve this, every computer user should keep backup copies of all data and store these backups in a safe location.
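A backup only counts as "the means to restore" if it is known to be intact, and a backup that the infected machine can write to may itself have been encrypted or deleted. The following script is an added example, not code from the original article: it records a SHA-256 manifest of the source files and later checks a backup copy against it, reporting files that are missing or whose content no longer matches. The sample tree and the simulated damage to the backup are constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream a file through SHA-256 so large backups do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path (relative, POSIX style) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def verify_backup(manifest, backup_root):
    """Compare a backup tree against a manifest taken from the source."""
    backup_root = Path(backup_root)
    result = {"ok": 0, "modified": [], "missing": []}
    for rel, digest in manifest.items():
        candidate = backup_root / rel
        if not candidate.is_file():
            result["missing"].append(rel)
        elif sha256_of(candidate) != digest:
            result["modified"].append(rel)
        else:
            result["ok"] += 1
    result["modified"].sort()
    result["missing"].sort()
    return result


def demo_verify():
    """Constructed scenario: a backup that was reachable during an attack."""
    work = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    try:
        src = work / "source"
        (src / "docs").mkdir(parents=True)
        (src / "photo.jpg").write_bytes(b"\xff\xd8\xff" + b"A" * 64)
        (src / "docs" / "report.docx").write_bytes(b"PK" + b"B" * 64)
        (src / "notes.txt").write_text("keep me")
        # Store the manifest somewhere the infected host cannot write to.
        manifest = build_manifest(src)

        backup = work / "backup"
        shutil.copytree(src, backup)

        # Simulate damage to a backup the malware could reach:
        # one file overwritten with ciphertext-like bytes, one deleted.
        (backup / "docs" / "report.docx").write_bytes(b"\x13\x37" * 40)
        (backup / "photo.jpg").unlink()
        return verify_backup(manifest, backup)
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo_verify())
```

Run `verify_backup` against an offline or write-protected copy on a schedule; any non-empty `modified` or `missing` list means that copy cannot be relied on for recovery and an older, untouched generation is needed.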
