Are you a victim of Smrss32 ransomware? We hope that your system is fully patched and that all your data is sufficiently backed up, but if you have fallen victim to this malware, continue reading. It’s the latest crypto virus, which researchers named Smrss32 after the file it uses for infection – smrss32.exe.
The ransomware is known to use a list of 6,674 file extensions to decide what files to lock on the victim’s computer. This is a very high and unusual number, especially when the “average” ransomware targets between 50 and 500 file types.
Who Is Behind Smrss32 Ransomware?
Apparently, the extension method chosen by the hackers behind the crypto virus shows that they are not experienced. Malware researchers at MalwareHunterTeam say that it would have been much easier for the crooks to whitelist what not to encrypt than to create this huge list.
Another indication of the hackers’ inexperience in malware coding is that most file extensions were duplicated in the list of targeted file types. An example is .PNG and .png. If the hackers had known about case-insensitive comparison, they wouldn’t have made this mistake. Applying case-insensitive comparison would have spared them both time and effort.
Smrss32 ransomware will not encrypt any Windows core files, which means the coders behind it are not utterly unprepared. If the directory name contains AppData, Application Data, Boot, Games, Program Files, Program Files (x86), ProgramData, Sample Music, Sample Pictures, System Volume Information, Temp, Windows, cache, thumbs.db, tmp, or Winnt, the ransomware will not touch any files inside those directories.
How Does the Smrss32 Infection Happen?
Researchers believe that the ransomware is spread by attackers who break into unsecured RDP connections and install the malware manually. This is not the first time this distribution technique has been adopted by criminals. Bucbi, Apocalypse and the Shade ransomware have done this too.
Once the ransomware is launched, the victim’s files will be encrypted with the AES encryption algorithm. An .encrypted extension will be appended to all locked files.
The ransom note will be located in the C:/ProgramData/Wallpaper directory. A copy of it will be dropped in every drive root and on the desktop. Once all files are encrypted, the ransomware will delete the folder it was installed from.
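The indicators described above (the .encrypted suffix, the ProgramData/Wallpaper note directory, and the list of directories the malware leaves alone) can be turned into a triage inventory for recovery planning. The following Python script is an added example, not code from the original article or from any vendor tool; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Directory names the article says Smrss32 leaves alone (compared case-insensitively here).
SKIPPED_DIRS = {"appdata", "application data", "boot", "games", "program files",
                "program files (x86)", "programdata", "sample music", "sample pictures",
                "system volume information", "temp", "windows", "cache", "thumbs.db",
                "tmp", "winnt"}
LOCKED_SUFFIX = ".encrypted"             # appended to every locked file, per the article
NOTE_DIR = ("ProgramData", "Wallpaper")  # ransom note location, relative to the drive root


def triage(root):
    """Walk `root` and inventory files that carry the Smrss32 marker extension."""
    root = Path(root)
    report = {"note_dir_present": root.joinpath(*NOTE_DIR).is_dir(),
              "locked": [], "unexpected": []}
    for dirpath, _dirs, files in os.walk(root):
        rel_parts = Path(dirpath).relative_to(root).parts
        in_skipped = any(p.lower() in SKIPPED_DIRS for p in rel_parts)
        for name in files:
            # Case-insensitive suffix test: one comparison covers .encrypted and .ENCRYPTED.
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            entry = {"path": str((Path(dirpath) / name).relative_to(root)),
                     "original_name": name[:-len(LOCKED_SUFFIX)]}
            # A hit inside a directory the malware is said to skip does not fit the
            # described behaviour; list it separately for manual review.
            report["unexpected" if in_skipped else "locked"].append(entry)
    return report


def build_sample_tree(base):
    """Constructed sample layout standing in for a drive root (not real victim data)."""
    for rel in ["Users/alice/Documents/report.docx.encrypted",
                "Users/alice/Pictures/photo.PNG.ENCRYPTED",
                "Users/alice/Documents/notes.txt",
                "Windows/System32/kernel32.dll",
                "Program Files/app/data.db.encrypted",
                "ProgramData/Wallpaper/placeholder-note.txt"]:
        p = Path(base, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample_tree(tmp)))
```

The `locked` list gives the original file names to look for in backups; entries under `unexpected` sit in directories the article says are skipped and deserve a separate look.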
Interestingly, this ransomware shares the same ransom note with “CryptoWall Softare” ransomware, named so because of the claim in the ransom note.
Some Victims Have Decided to Pay the Ransom
The ransom demanded by this crypto virus is 1 Bitcoin, and some victims have proceeded with paying the cyber criminals for the decryption key, as visible in the cyber criminals’ Bitcoin wallet statistics. Victims are given an email address to contact the ransomware operators. However, paying the ransom is not recommended under any circumstances.
Moreover, researchers have already started working on a decryptor. Bearing in mind the number of decryptors already released, it won’t take long before this ransomware case is solved for good.
What to Do If You Are a Victim of Smrss32 Ransomware
The very first thing every victim should do is remove the ransomware from their system. The easiest way to do so is by using an anti-malware program.
Then, victims can try to restore some of their encrypted files via data recovery software, such as:
In the future, continuously back up your data so that it never falls victim to ransomware again.