The ‘[email protected]’ Ransomware is a file-encryption Trojan, which is based on the RotorCrypt Ransomware project. The good news is that the latter is not a very sophisticated file locker, and malware researchers managed to revert engineer it in a matter of weeks, therefore making it possible to develop a free decryption software. It is likely that the RotorCrypt decryptor also will work with variants like the ‘[email protected]’ Ransomware, but this is yet to be confirmed so that there’s a minor chance that victims of this threat will not be able to recover their data safely at the moment.
Corrupted Spam E-Mails Extend the Reach of the Attackers
Samples of the ‘[email protected]’ Ransomware appear to be spread with the help of spear-phishing e-mails, which attempt to trick users into thinking that they are being contacted by a legitimate organization or institution. Often, these messages may come with an attached file, which looks like a harmless document or archive when, in fact, it is a bad executable file whose purpose is to deploy the ‘[email protected]’ Ransomware and begin encrypting the victim’s data.
When this file-encryption Trojan is launched on an unprotected computer, it will scan the local hard drive and begin to encrypt various files such as images, videos, music, archives, documents, spreadsheets, archives, etc. silently. Whenever a file is locked, the ‘[email protected]’ Ransomware will alter its name by appending the ‘!==SOLUTION OF THE [email protected]==.Black_OFFserve’ extension.
Ransomware Operators are not the Ones to Ask for Help
The operators of the ‘[email protected]’ Ransomware also have made sure to provide their victims with a ransom note, which promises them that their data will be recovered as soon as they send an unspecified amount of money to the attackers. Naturally, the cybercrooks demand to receive the payment via a Bitcoin transaction. The advice is to ignore these instructions since there’s a significant chance that the final result will be losing both your money and your files. The recommended thing to do if your PC was compromised by the ‘[email protected]’ Ransomware is to use a reputable PC security scanner to remove the unsafe files. Then, you should backup all encrypted files and look for 3rd-party file recovery software or the RotorCrypt decryptor.