Yourhope@airmail.cc Ransomware

By GoldSparrow in Ransomware

The Yourhope@airmail.cc Ransomware is an encryption ransomware Trojan that was first observed on October 16, 2018. It carries out a typical version of the ransomware tactic, enciphering the victim's data and then demanding a ransom payment in exchange for a decryption key. Like most ransomware Trojans, it is commonly delivered to victims via spam email messages. It is also being delivered to victims via bogus software downloads on third-party websites. The Yourhope@airmail.cc Ransomware is a variant in the Scarab family, a large family of ransomware that has received numerous updates in 2018.

How the Yourhope@airmail.cc Ransomware Affects Your Files

The Yourhope@airmail.cc Ransomware uses AES and RSA encryption to make the victim's files inaccessible, targeting user-generated files, which may include media files and numerous documents. The Yourhope@airmail.cc Ransomware and other Scarab variants target these file types in their attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Yourhope@airmail.cc Ransomware delivers a ransom note in the form of a text file named 'HOW TO RECOVER ENCRYPTED FILES.txt.' The Yourhope@airmail.cc Ransomware ransom note's content reads:

'Your files are now encrypted!
Your personal identifier:
6A02000000000000***1DFCE07
All your files have been encrypted due to a security problem with your PC.
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: yourhope@airmail.cc
If you don't get a reply for 12 hours or if the email dies, then contact us using jabber(XMPP).
Download it form here: h[tt]ps://www.pidgin[.]im/ install it
Next download h[tt]ps://otr.cypherpunks[.]ca/ install it
Register here - h[tt]ps://www.xmpp[.]jp/signup?lang=en
In pidgin turn on module OTR
After write us in pidgin - helpersmasters@xmpp.jp (It is not a mail,xmpp)
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).
How to obtain Bitcoins?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click
'Buy bitcoins', and select the seller by payment method and price:
h[tt]ps://localbitcoins[.]com/buy_bitcoins
* Also you can find other places to buy Bitcoins and beginners guide here:
h[tt]p://www.coindesk[.]com/information/how-can-i-buy-bitcoins
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.'
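
For incident triage, the note's file name and contact addresses quoted above can be used to map which directories were hit and to pull the personal identifier from each note. The following is an added example, not part of the original article; the function names and the sample identifier are constructed for illustration.

```python
import os
import re
import tempfile

# Indicators taken from the ransom note quoted on this page.
NOTE_NAME = "HOW TO RECOVER ENCRYPTED FILES.txt"
CONTACTS = ("yourhope@airmail.cc", "helpersmasters@xmpp.jp")
ID_RE = re.compile(r"Your personal identifier:\s*(\S+)", re.I)

def read_text(path, limit=65536):
    """Read a small text file, tolerating UTF-16 (BOM) or UTF-8 content."""
    with open(path, "rb") as fh:
        raw = fh.read(limit)
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")

def scan_for_note(root):
    """Walk root and report each ransom note with the indicators it contains."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME.lower():
                continue
            path = os.path.join(dirpath, name)
            try:
                text = read_text(path)
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            match = ID_RE.search(text)
            findings.append({
                "path": path,
                "contacts": [c for c in CONTACTS if c in text.lower()],
                "victim_id": match.group(1) if match else None,
            })
    return findings

def demo():
    """Scan a constructed sample tree (the identifier is a placeholder)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        note = ("Your personal identifier:\nCONSTRUCTED-SAMPLE-ID\n"
                "Contact us using this email address: yourhope@airmail.cc\n")
        with open(os.path.join(docs, NOTE_NAME), "w") as fh:
            fh.write(note)
        return scan_for_note(root)

if __name__ == "__main__":
    print(demo())
```

Run `scan_for_note` against a mounted image or a read-only copy of the affected volume so that the sweep does not alter timestamps on the evidence.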

Protecting Your Data from Threats Like the Yourhope@airmail.cc Ransomware

The best protection against the Yourhope@airmail.cc Ransomware is to have file backups stored in the cloud or on an external memory device. Security software is important, but it is currently impossible to decrypt files encrypted by the Yourhope@airmail.cc Ransomware without the decryption key. Because of this, prevention is essential to keeping your data safe.
