A new ransomware infection that appends the file extension .firstname.lastname@example.org has been reported by malware researchers to wreak havoc on the computers it infects. The malware's one and only purpose is to encrypt the files on the compromised computer and then leave the crooks' e-mail address behind as a file extension. The virus then drops a ransom note named Readme.txt, which contains the extortion instructions and gives a 96-hour deadline to contact the e-mail address; otherwise the files could be lost indefinitely. If your computer has been infected by .email@example.com ransomware, we advise you to read this article and learn how to remove this virus and restore the files it has encrypted on your computer.
| Short Description | Aims to encrypt the files on the computers it infects and then demands a ransom payoff to get the files back. |
| Symptoms | Files are encrypted, can no longer be opened, and have the .firstname.lastname@example.org file extension added. A Readme.txt ransom note also appears. |
| Distribution Method | Spam emails, email attachments, executable files |
| Data Recovery Tool | Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files. It may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive. |
.email@example.com Ransomware – Distribution
In order to spread it, the cyber-criminals behind the .firstname.lastname@example.org file ransomware may use different methods. They may upload the infection files of the virus disguised as fake programs, game installers, or even game key generators and software license activators. In addition, the cyber-crooks may also send the infection file in the form of a document over e-mail. The attachment may be accompanied by a convincing message, like the following:
.email@example.com Files Virus – More Information
Once your computer becomes infected by the .firstname.lastname@example.org files ransomware, the malware connects to a distribution site via an unsecured port on your computer. After this, it drops the payload of the ransomware virus on your computer. It may consist of more than one executable file and these files are of different formats and may have different, often random names. The files may be located in the most commonly targeted Windows folders:
Once the ransomware has infected your computer, it may begin to modify it. For starters, the .email@example.com ransomware may create registry values in sub-keys that run its encryption executable during Windows boot. To do this, the virus may target the following Windows Registry sub-keys:
The value strings that the .firstname.lastname@example.org ransomware creates may contain the actual location of the malicious file responsible for the encryption.
In addition to modifying the Windows Registry, the .email@example.com ransomware virus may also delete the shadow volume copies of the infected computer via the vssadmin and bcdedit commands:
→ vssadmin delete shadows /for=
After those commands are executed with the right parameters, the shadow copies of the infected machine are deleted and there is no way to restore the files using Windows. The virus may then drop its Readme.txt ransom note, which has the following contents:
Your files are encrypted.
In case of renaming a file, the file will become unsuitable for decryption. Even we will not have a chance to restore them.
To return your files you have 96 hours. Write to us.
Our email: firstname.lastname@example.org
ATTENTION. To email (email@example.com) write messages only from these e-mail services.
From other email services, messages may not be received by us.
ATTENTION. We will reply you within 24 hours. If there is no response from us, please send your message again.
Tor email: firstname.lastname@example.org
To register tor e-mail, use the service http://torbox3uiot6wchz.onion (Open only to the tor browser)
Send 3 files, each <2 MB (only pictures, text documents or shortcuts). We will decipher them for free, to confirm that we can help you. Wait for further instructions. YOUR KEY.
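The shadow-copy deletion step described before the ransom note can be caught from process-creation logs. The following detection logic is an added example, not part of the original article; the event records are constructed, and treating any bcdedit `/set` as a change worth reviewing is an assumption, because the article does not list the bcdedit parameters.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records: (timestamp, host, command line).
SAMPLE_EVENTS = [
    ("2024-05-02T09:14:07", "WS-01", r"C:\Windows\System32\vssadmin.exe list shadows"),
    ("2024-05-02T09:20:11", "WS-02", r'"C:\Windows\system32\VSSADMIN.EXE"  Delete Shadows /for=C:'),
    ("2024-05-02T09:20:15", "WS-02", r"bcdedit.exe /set {default} description Constructed"),
    ("2024-05-02T11:02:40", "WS-03", r"bcdedit /enum"),
    ("2024-05-02T13:45:00", "WS-04", r"vssadmin delete shadows /for=D:"),
]

# The page names the tools but not the bcdedit parameters, so any "/set" is
# treated as a boot-configuration change worth reviewing (an assumption).
RULES = [
    ("shadow_copy_deletion", re.compile(r"(?:^|[\\/ ])vssadmin(?:\.exe)? .*\bdelete\b.*\bshadows\b")),
    ("boot_config_change", re.compile(r"(?:^|[\\/ ])bcdedit(?:\.exe)? .*/set\b")),
]

def normalize(cmdline):
    """Lower-case, drop quotes and collapse whitespace so variants match."""
    return re.sub(r"\s+", " ", cmdline.replace('"', "").lower()).strip()

def detect(events):
    """Return (time, host, rule) for every command line that matches a rule."""
    hits = []
    for ts, host, cmdline in events:
        norm = normalize(cmdline)
        for name, pattern in RULES:
            if pattern.search(norm):
                hits.append((datetime.fromisoformat(ts), host, name))
    return hits

def escalate(hits, window=timedelta(minutes=5)):
    """Hosts where both behaviours occur within `window` of each other."""
    urgent = set()
    for t1, h1, n1 in hits:
        for t2, h2, n2 in hits:
            if h1 == h2 and n1 != n2 and abs(t1 - t2) <= window:
                urgent.add(h1)
    return sorted(urgent)

if __name__ == "__main__":
    for ts, host, rule in detect(SAMPLE_EVENTS):
        print(ts.isoformat(), host, rule)
    print("escalate:", escalate(detect(SAMPLE_EVENTS)))
```

A host returned by `escalate` ran both tools within minutes of each other, which is the point at which isolating the machine still protects files that have not yet been encrypted.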
.email@example.com – Encryption
The encryption process of the .firstname.lastname@example.org virus is conducted via an encryption algorithm whose primary purpose is to make the files on the victim’s computer impossible to open. To encrypt files, the .email@example.com ransomware targets specific documents, audio files, image files, archives and other often-used files, which may have the following file extensions:
“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”
After the encryption process by .firstname.lastname@example.org ransomware has completed, the ransomware adds its distinctive file extension, which makes the files appear like the following:
Remove .email@example.com Ransomware and Restore Files
If you want to remove this ransomware infection completely from your computer system, it is strongly recommended to begin by following the steps in the instructions below. They are specifically designed to help you isolate and remove the .firstname.lastname@example.org virus either manually or automatically. Be advised that for maximum effectiveness, experts always recommend using anti-malware software designed specifically for removal, which will help to fully detect and remove all malicious files related to .email@example.com ransomware from your computer.
If you want to restore files that have been encrypted by this ransomware on your computer, it is recommended to try the alternative methods in step “2. Restore files encrypted by LibbyWovas” below. They may not be 100% effective, but may help you to recover most of your data.