A new ransomware Trojan attack has been detected recently. The threat is known as [email protected] According to research, after the extortion Trojan has sneaked into the victim’s system, certain files will have the “.id-(10 random digits)[email protected] string. After the line is added to the regular file extensions, the files become inaccessible. As with other ransom software cases, any attempt to manually open or restore the files will not be successful. Continue reading to learn the details about the [email protected] ransomware and how to deal with it.
|Short Description||The ransomware encrypts files with certain extensions and demands payment for their decryption.|
|Symptoms||Files are inaccessible; a ransom message is repeatedly displayed to the user.|
|Distribution Method||Spam emails, malicious email attachments, compromised websites hosting exploit kits.|
|Detection tool||Download Malware Removal Tool, to See If Your System Has Been Affected By [email protected]|
|User Experience||Join our forum to follow the discussion about [email protected].|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
[email protected] Technical Review. Distribution
Ransomware is usually distributed via two paths:
- Malicious email attachments and aggressive spam.
- Compromised websites hosting exploit kits.
[email protected] ransomware doesn’t make an exception. The ransomware Trojan is most likely spread via infected email attachments. In some cases, the user can be infected by malware the second he opens the email send by the attacker, without opening the malicious attachment itself.
When attackers deploy exploit kits and compromised websites to distribute malware, the infection can be quite unexpected. Any legitimate site that doesn’t have enhanced security against attackers can be affected by malware. By the time the domain’s owners are aware of the security breach, many users will have visited the page.
On the other hand, there are also malicious websites crafted to initiate malicious attacks by hosting exploit kits and other malicious tools. With ransomware threats such as [email protected], both of the infection scenarios described in the article are equally possible. Nonetheless, more information is needed to confirm the primary distribution method employed by the threat’s authors. To stay safe, stay away from suspicious websites (such as pages hosting adult content) and use spam filters in your inbox.
[email protected] Infection Process
As already mentioned, once the ransomware has entered the system, certain files will be targeted. Research reveals that the files [email protected] seeks to exploit and encrypt are most likely the following:
→txt, zip, rar, pdf, jpg, msi, iso, xml, inf, dwg, rtf, csv, avi, doc, xlx, db
Once hairullah has located those files, an extension will be added to complete the file encryption:
The combinations of the 10 digits are most likely different in each case.
As soon as the encryption process has finished, the user may witness a pop-up window with payment information and instructions. The window may keep re-appearing on every system reboot.
Some researchers believe that the [email protected] ransomware only targets user data stored on HDD, removable and mapped drived that have letters assigned to them.
[email protected] Removal Options
Before we proceed with the removal process of the malicious threat, let us remind you that paying the amount demanded by the cyber criminals is not advisory. There are multiple cases of users who are tricked into paying considerable amounts of money without having their encrypted data restored. After all, ransomware is only created to generate income. However, if you always remember to back up your files, you will significantly increase your protection against ransom-demanding online threats.
To remove all traces of [email protected], you should consider scanning your system via powerful AV software that has proven to be effective against malware. You can also have a look at the manual below the article.
1. Start Your PC in Safe Mode to Remove [email protected]
For Windows XP, Vista, 7 systems:
1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
– For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.
– For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.
3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.
4. Log on to your computer using your administrator account
While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.
For Windows 8, 8.1 and 10 systems:
Step 1: Open the Start Menu
Step 2: Whilst holding down Shift button, click on Power and then click on Restart.
Step 3: After reboot, the aftermentioned menu will appear. From there you should choose Troubleshoot.
Step 4: You will see the Troubleshoot menu. From this menu you can choose Advanced Options.
Step 5: After the Advanced Options menu appears, click on Startup Settings.
Step 6: Click on Restart.
Step 7: A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart.
2. Remove [email protected] automatically by downloading an advanced anti-malware program.
To clean your computer you should download an updated anti-malware program on a safe PC and then install it on the affected computer in offline mode. After that you should boot into safe mode and scan your computer to remove all [email protected] associated objects.
Security engineers recommend that you back up your files immediately, preferably on an external memory carrier in order to be able to restore them. In order to protect yourself from [email protected] threat: Manual removal of [email protected] requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a MALWARE REMOVAL TOOL.