An “ABOUT FILES!” (*.txt) ransom message has been detected in the wild. If the file is located in all directories on a system and “error_” is added to the names of files with various extensions, then the PC has been attacked by ransomware. The message states that the victim’s files have been encrypted with the AES and RSA encryption algorithms, and that a private RSA key is needed to decrypt the data. It is also noted that an “error_” is added to the names of all ‘crypted’ files. The cyber crooks then suggest buying their decryptor so that the user’s data is restored.
However, paying the asked $230 in 3 bitcoins does not guarantee files will be safely restored. The best measure against ransomware is having crucial data previously stored on an external memory device or via a cloud service. Also, keep in mind that there has been a tangible increase in Cryptowall 3.0 attacks.
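The two indicators described above (the note in many directories, and “error_” on files of various extensions) can be checked with a read-only triage script. This is an added example, not part of the original article: it assumes the note's file name begins with “ABOUT FILES!” and that “error_” is a prefix, and the function names, thresholds and sample layout are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

NOTE_STEM = "about files!"  # note name from the article; exact file name is an assumption
MARKER = "error_"           # assumed to be a prefix on renamed files

def scan_tree(root):
    """Walk root (read-only) and collect both indicators per directory."""
    note_dirs, renamed, unconfirmed = [], [], []
    extensions, total_dirs = Counter(), 0
    for dirpath, _dirs, files in os.walk(root):
        total_dirs += 1
        lowered = [(name, name.lower()) for name in files]
        has_note = any(l.startswith(NOTE_STEM) and l.endswith(".txt")
                       for _, l in lowered)
        if has_note:
            note_dirs.append(dirpath)
        for name, l in lowered:
            if not l.startswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            if has_note:  # marker next to a note: likely an encrypted file
                renamed.append(path)
                extensions[os.path.splitext(l)[1] or "<none>"] += 1
            else:         # marker alone: may be a legitimate file name
                unconfirmed.append(path)
    return {"dirs_scanned": total_dirs, "note_dirs": sorted(note_dirs),
            "renamed_files": sorted(renamed), "unconfirmed": sorted(unconfirmed),
            "extensions": dict(extensions)}

def looks_infected(report, min_note_dirs=2, min_extensions=2):
    """Thresholds are assumptions: a note in several directories plus
    marked files of various extensions, as the article describes."""
    return (len(report["note_dirs"]) >= min_note_dirs
            and len(report["extensions"]) >= min_extensions)

def build_sample_tree(root):
    """Constructed sample layout (empty files only) for a dry run."""
    layout = {
        "Documents": ["ABOUT FILES!.txt", "error_report.docx", "error_budget.xlsx"],
        "Pictures": ["ABOUT FILES!.txt", "error_holiday.jpg"],
        "Clean": ["notes.txt", "error_log_parser.py"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = scan_tree(tmp)
        print(report["note_dirs"], report["extensions"], looks_infected(report))
```

Files that carry the marker in a directory without a note are reported separately as unconfirmed, since a legitimate file name can also start with “error_”.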
“ABOUT FILES!” *.txt Ransom Message Distribution
There is no particular information on how users have been contaminated with the file encryption threat. Nonetheless, there are several known distribution paths ransomware employs. It is also important to note that ransomware attacks both personal and business computers. When it first appeared on the malware scene, ransomware was spread across computers via malicious emails. Recently, the old method has been improved, thus increasing the effectiveness of the infection.
‘Drive-by ransomware’ is downloaded to the computer after visiting a compromised website. Cyber criminals tend to send infectious emails in the attempt to lure users into visiting their suspicious websites. To make the whole process more believable, crooks usually masquerade their emails so that they do not appear suspicious to the recipients.
“ABOUT FILES!” *.txt Ransomware Description
As previously stated, the cyber crooks have revealed their methods in the displayed text file. The message starts with a ‘friendly’ remark and then explains how the victim’s files have been encrypted via the AES and RSA encryption algorithms. Once the payment in 3 bitcoins has been made, the crooks promise to decrypt the “error_” files within several to 24 hours. What may appear interesting is that at the end of the message, the criminals claim they do not want to destroy the victim’s files because they just need some money.
As visible, the ransom message is written in English. However, grammatical mistakes are present, meaning that a non-native speaker has written it. STF researchers remind readers that ransomware attacks originate from Russia, even though such online extortion schemes have reached an international level.
“ABOUT FILES!” *.txt Removal and Prevention
The FBI has created a short list suggesting several ways to stay protected against ransomware attacks. The first step towards prevention is having an updated antivirus program, and making sure to keep it intact. Other important measures are:
- Enabling automated patches for the OS and web browser.
- Using strong passwords. Every account should have a different password.
- Downloading freeware from known websites and always reading the EULA.
- Blocking pop-up windows.
- Being cautious about email attachments and unsolicited email messages.
- Not clicking on provided URLs to avoid malicious drive-by downloads.
- Previously having all essential files backed up.
If affected by “ABOUT FILES!” *.txt, running a full system scan through a valid anti-malware solution is highly advisable. There are also several other steps the user can try, but since more information on the threat is needed, the STF team cannot guarantee their complete effectiveness.
Stage One: Remove CryptoWall 3.0
1. First and most important – download and install a legitimate and trustworthy anti-malware scanner, which will help you run a full system scan and eliminate all threats.
Spy Hunter FREE scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the malware tool.
2. Run a second scan to make sure that there are no malicious software programs running on your PC. For that purpose, it’s recommended to download ESET Online Scanner.
Your PC should be clean now.
Stage Two: Restore the Encrypted Files
Option 1: Best case scenario – You have backed up your data on a regular basis, and now you can use the most recent backup to restore your files.
Option 2: Try to decrypt your files with the help of Kaspersky’s RectorDecryptor.exe and RakhniDecryptor.exe. They might help you in the process, but keep in mind that they were not specially designed to decrypt information that was encrypted by this particular ransomware.
Option 3: Shadow Volume Copies
1. Install the Shadow Explorer, which is available with Windows Vista, Windows 7, Windows 8 and Windows XP Service Pack 2.
2. From Shadow Explorer’s drop down menu choose a drive and the latest date you would like to restore information from.
3. Right-click on a random encrypted file or folder then select “Export”. Select a location to restore the content of the selected file or folder.