|Short Description||May encrypt important files and give decryption keys upon paying ransom which is usually financial compensation.|
|Symptoms||Appearing of different objects in various user folders or the Desktop or on startup. Files encoded with unfamiliar extensions|
|Distribution Method||Spam mails. MiTM attacks, malicious redirects.|
|Detection tool||Download SpyHunter, to See If Your System Has Been Affected By [email protected]|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
Reports have been raised about a ransomware virus, infecting numerous systems, connected with the name [email protected] This type of attack is a new type of online extortion designed to encrypt your files and put a suspicious extension on them (for example: .crypt; .bitcrypt; .aaa). The email, associated with the cyber-attack has been identified as suspicious and unknown. Security experts strongly advise to disconnect immediately from the internet in case you see this message:
→”Attention! Your computer was attacked by virus-encoder. All your files are encrypted cryptographically strong, without the original key recovery is impossible! to get the decoder and the original key, you need to write to us at the e-mail [email protected] with the subject encryption starting your id. Write on the case, do not waste your and our time on empty threats. Responses to letters only appropriate people are not adequate ignore.”
Judging by the seriousness of the author of the message, they do not mess around and this threat should be taken very seriously. Security experts strongly recommend to immediately disconnect from the web and check out the aftermentioned information.
[email protected] Ransomware – How Did I Become A Victim?
In case there is a PC infected with this ransomware, the most probable cause may be opening infected files in the form of .exe setups or document files with malware attached to them. These can be opened in spam emails containing flashy messages like ‘Open this document to fill out and claim your reward!’ and other similar. Also, sometimes when users have browser hijackers or an adware PUP (Potentially Unwanted Program) on their PC, it may administer redirects to malicious web pages that may perform a drive-by download with this virus on the affected machine.
More About [email protected] Ransomware
This particular Ransomware may patiently wait on the user PC to establish an internet connection. From there it could begin to scan the user PC for files of different format and importance. (Docx, XML, pdf, etc.). The next step for the malicious software is to encrypt the files and leave a ransom note, similar to the above mentioned. Most ransomware viruses use a very strong encryption which, depending on the size in bits (100 to 4096 and even more) may take from hours to years to decrypt. In case you are interesting in some research on unique decryption methods, check out this report.
The cyber-criminals use the email [email protected], and they may access it via private VPN networks, combined with proxy from a public Wi-Fi to provide instructions to the victim regarding what to do to restore the files. One way of payment that cyber-criminals prefer is bitcoin because it is a good investment. Another way of payment is by using a one-time PayPal account.
Protection From [email protected] Ransomware
Security professionals strongly advise against complying with the demands of the cyber crooks for several obvious reasons. First, these are the guys that steal your files illegally, what makes you think that their word will stand for something. Over 18 million dollars have been lost from ransomware viruses for the last year only. Second, experts recommend to back up your information and create a restoration point. For more information follow the protection tutorial below, or watch this video.
Security engineers recommend that you back up your files immediately in order to be able to restore them. In order to protect yourself from [email protected] (For Windows Users) please follow these simple instructions:
For Windows 7 and earlier:
1-Click on Windows Start Menu
2-Type Backup And Restore
3-Open it and click on Set Up Backup
4-A window will appear asking you where to set up backup. You should have a flash drive or an external hard drive. Mark it by clicking on it with your mouse then click on Next.
5-On the next window, the system will ask you what do you want to backup. Choose the ‘Let Me Choose’ option and then click on Next.
6-Click on ‘Save settings and run backup’ on the next window in order to protect your files from possible attacks by [email protected].
For Windows 8, 8.1 and 10:
1-Press Windows button + R
2-In the window type ‘filehistory’ and press Enter
3-A File History window will appear. Click on ‘Configure file history settings’
4-The configuration menu for File History will appear. Click on ‘Turn On’. After its on, click on Select Drive in order to select the backup drive. It is recommended to choose an external HDD, SSD or a USB stick whose memory capacity is corresponding to the size of the files you want to backup.
5-Select the drive then click on ‘Ok’ in order to set up file backup and protect yourself from [email protected].
Enabling Windows Defense Feature:
1- Press Windows button + R keys.
2- A run windows should appear. In it type ‘sysdm.cpl’ and then click on Run.
3- A System Properties windows should appear. In it choose System Protection.
5- Click on Turn on system protection and select the size on the hard disk you want to utilize for system protection.
6- Click on Ok and you should see an indication in Protection settings that the protection from [email protected] is on.
Restoring a file via Windows Defense feature:
1-Right-click on the encrypted file, then choose Properties.
2-Click on the Previous Versions tab and then mark the last version of the file.
3-Click on Apply and Ok and the file encrypted by [email protected] should be restored.
How To Remove [email protected]?
To rid yourself from this ransomware, it is needed to disconnect immediately from the internet first. Since this threat may create and conceal different objects in your OS in critical areas that allow it to operate safely, we need a professional anti-malware program that will detect everything associated with [email protected] ransomware. First, you should download the anti-malware program from a Safe PC. Second you should install it on your computer and then using Safe Mode without Networking, scan your computer and automatically get rid of the threat.
Also, in case you lack any backup from your computer, you can also check this manual in case you want to attempt and decrypt your files manually. Be warned that it may take a lot of time, if possible to decrypt at all.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter