[email protected](.)com Ransomware Removal Manual

Yet another ransomware is infecting thousands of computers and encrypting users’ files. Researchers have dubbed it [email protected](.)com because this email is used in the names of the encrypted files. The files get locked via the 256-bit AES algorithm and require a password to be usable again.


Name: [email protected](.)com
Type: Ransomware, Trojan
Short Description: This ransomware encrypts files and asks for a ransom to unlock those files.
Symptoms: The ransomware encrypts files and adds an .exe extension to them. It uses a Gmail account (in the file extension) for the ransom money to be received.
Distribution Method: Spam Emails, Email Attachments, Suspicious Sites
Detection tool: Download Malware Removal Tool, to See If Your System Has Been Affected by [email protected](.)com
User Experience: Join our forum to follow the discussion about [email protected](.)com.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

[email protected](.)com – Distribution Methods

The most common distribution method is known to be malicious email attachments and spam emails. You may receive an email with a malware file attached. If you open the attachment, the malware is executed and spreads. The email body itself can also contain malicious code, in which case merely opening the email infects your computer, even if you don’t open the attachment inside.

On social networks and file-sharing services, there may be similar attachments and files containing the [email protected](.)com ransomware. That is why interacting with suspicious content is never advisable, especially if the system is not protected.

[email protected](.)com – Technical Information

Once the [email protected](.)com ransomware gets into your computer and is executed, it begins to lock files. It seems to be using WinRAR, which in turn uses 256-bit AES encryption. This encryption is considered uncrackable, even if modern supercomputers spent hundreds of years trying to crack it.

Encrypted files have an extension such as (!! to get password email id [9 random digits] to [email protected](.)com !!).exe. There are also other e-mails that can be left in the name, like: [email protected](.)com or [email protected](.)com.

The ransomware is known to search and encrypt files with the most commonly used extensions:

→ .jpg, .jpeg, .png, .mp3, .mp4, .mpg, .divx, .djvu, .java, .json, .pps, .ppt, .pptx, .wav, .wmv, .dat, .pdf, .xls, .xlsx, .doc, .docx

This is not a complete list, as other files could be encrypted as well.

After that process is complete, files will be locked and will have names like:

  • gta evolution br v1.exe
  • msoe.txt(!! to get password email id 332606859 to [email protected] !!).exe
  • microsoft.office.infopath.targets(!! to get password email id 332606859 to [email protected] !!)
  • webservicesnfe.xml(!! to get password email id 332606859 to [email protected] !!).exe
  • unins002.dat(!! to get password email id 332606859 to [email protected] !!).exe
  • unins001.dat(!! to get password email id 332606859 to [email protected] !!).exe
  • unins000.dat(!! to get password email id 332606859 to [email protected] !!).exe
  • source_facilitus_servico.hns(!! to get password email id 332606859 to [email protected] !!).exe
  • source_facilitus_documento.hns(!! to get password email id 332606859 to [email protected] !!).exe
  • scriptdirectus799.txt(!! to get password email id 332606859 to [email protected] !!).exe
  • scriptdirectus699.txt(!! to get password email id 332606859 to [email protected] !!).exe
  • scriptdirectus599.txt(!! to get password email id 332606859 to [email protected] !!).exe
  • scriptdirectus499.txt(!! to get password email id 332606859 to [email protected] !!).exe
  • scriptdirectus.txt(!! to get password email id 332606859 to [email protected] !!).exe
  • conectusnfce.exe.config(!! to get password email id 332606859 to [email protected] !!).exe
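
The naming scheme above is enough to inventory affected files during triage. The following is an added example, not code from the original article: a read-only Python scan that recognises the locked-file name pattern, recovers each original file name and the 9-digit id, and flags whether the file looks like a WinRAR self-extracting archive. The SFX check (a PE header followed by a RAR signature) is an assumption based on the article's WinRAR remark, and the contact address and sample files are constructed placeholders.

```python
import os
import re
import tempfile
from collections import Counter

# Article's scheme: <name>(!! to get password email id <9 digits> to <addr> !!)[.exe]
LOCKED = re.compile(
    r"^(?P<orig>.+?)\(!! to get password email id (?P<vid>\d{9}) "
    r"to (?P<contact>\S+) !!\)(?:\.exe)?$", re.IGNORECASE)
RAR_MARK = b"Rar!\x1a\x07"  # signature shared by RAR 4.x and 5.x archives


def parse_locked_name(name):
    """Return (original_name, victim_id, contact), or None for a clean name."""
    m = LOCKED.match(name)
    return (m["orig"], m["vid"], m["contact"]) if m else None


def looks_like_rar_sfx(path, window=1 << 20):
    """Assumption: locked files are WinRAR SFX stubs (PE header + RAR data)."""
    with open(path, "rb") as fh:
        head = fh.read(window)
    return head.startswith(b"MZ") and RAR_MARK in head


def scan_tree(root):
    """Walk root read-only; return hits, per-id counts, original-type counts."""
    hits, ids, exts = [], Counter(), Counter()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_locked_name(name)
            if parsed:
                path = os.path.join(folder, name)
                hits.append((path, parsed[0], looks_like_rar_sfx(path)))
                ids[parsed[1]] += 1
                exts[os.path.splitext(parsed[0])[1].lower()] += 1
    return hits, ids, exts


def demo():
    """Build a constructed sample tree (placeholder contact) and scan it."""
    tag = "(!! to get password email id 123456789 to contact@example.invalid !!)"
    samples = {"a.txt" + tag + ".exe": b"MZ\x90" + RAR_MARK,
               "b.xml" + tag: b"plain", "setup.exe": b"MZ"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_tree(root)
```

Point `scan_tree` at a mounted copy of the affected volume rather than the live system, so the inventory does not alter timestamps on evidence.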

Important!

The ransom request will be sent over email if you choose to contact the cybercriminals. AES is one of the toughest military-grade encryption algorithms known in the world. Every tool that is used in decrypting WinRAR passwords uses a brute-force or an alphabetical order method to do so. The password used by cyber criminals is probably long enough for decryption to be made impossible.

Currently, there is no information on whether Shadow Volume Copies are erased from the infected system. So, after removal, you should see the 5th part of the instructions below for a few ways in which you can try to restore your files.

Remove [email protected](.)com Completely

If you have been infected by the [email protected](.)com ransomware, you should have at least some experience in removing viruses. This ransomware can irreparably lock your files, so it is highly recommended that you act swiftly and follow the instructions provided below:

1. Boot Your PC In Safe Mode to isolate and remove [email protected](.)com
2. Remove [email protected](.)com with SpyHunter Anti-Malware Tool
3. Remove [email protected](.)com with Malwarebytes Anti-Malware.
4. Remove [email protected](.)com with STOPZilla AntiMalware
5. Back up your data to secure it against infections and file encryptions by [email protected](.)com in the future
NOTE! Important notice about the [email protected](.)com threat: Manual removal of [email protected](.)com requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming of a more secure cyberspace.
