
'.aesir File Extension' Ransomware

Posted: November 22, 2016

Threat Metric

Threat Level: 8/10
Infected PCs: 49
First Seen: November 22, 2016
Last Seen: August 18, 2020
OS(es) Affected: Windows

The '.aesir File Extension' Ransomware is a Trojan that damages your files by encrypting them, blocking the content until you decrypt it back to the previous format. Installation attempts for the '.aesir File Extension' Ransomware currently occur through e-mail attacks that use disguised attachments. Although your anti-malware programs can't decrypt any lost data, they can delete the '.aesir File Extension' Ransomware or any Trojan droppers that might infect your PC.

Another Tap from the Not-So-Divine on Your Files

For PC users who are careful to avoid visiting hostile sites or using easily broken passwords, there are few avenues of attack left open for a threat actor. One method equally applicable to both a business entity and a personal computer user is spam e-mail, which can disguise a Trojan dropper as a document or important legal notice. It's this last disguise that malware experts can confirm as being at play in the '.aesir File Extension' Ransomware campaign, a new branch of the '.locky File Extension' Ransomware.

The '.aesir File Extension' Ransomware stays within the theme pioneered earlier by the '.thor File Extension' Ransomware, using Norse mythology for its extension tag, which it appends to the name of each file it encodes. The '.aesir' string is less meaningful than the '.aesir File Extension' Ransomware's actual encoding process, an encryption-based attack that blocks the content from opening. Although malware analysts ascertain that the '.aesir File Extension' Ransomware does target a limited list of data types, the list includes hundreds of different ones, putting almost any data that isn't a program's executable, or your Windows OS, at risk.
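For triage after an incident, the appended '.aesir' tag described above gives a simple way to scope which folders were hit. The following Python sketch is an added example, not code from this article or from any vendor tool; the function names, sample file names and timestamps are constructed, and it assumes file modification times were not altered after encryption.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER_EXT = ".aesir"  # extension tag named in the article


def triage(root, marker_ext=MARKER_EXT):
    """Summarise files under root whose names end with the marker extension."""
    per_dir, mtimes = Counter(), []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(marker_ext):
                continue
            try:
                st = os.lstat(os.path.join(dirpath, name))
            except OSError:
                continue  # file vanished or is unreadable; skip it
            per_dir[os.path.relpath(dirpath, root)] += 1
            mtimes.append(st.st_mtime)
    return {
        "total": sum(per_dir.values()),
        "per_dir": dict(per_dir),
        # Assumption: mtime reflects when the file was rewritten.
        "first_mtime": min(mtimes) if mtimes else None,
        "last_mtime": max(mtimes) if mtimes else None,
    }


def build_sample_tree(root):
    """Constructed sample data: three marked files, one untouched file."""
    layout = {
        "docs/0001.aesir": 1479800000,
        "docs/notes.txt": 1479000000,
        "pics/0002.AESIR": 1479800120,
        "pics/old/0003.aesir": 1479800300,
    }
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = triage(tmp)
        for key in ("first_mtime", "last_mtime"):
            report[key] = datetime.fromtimestamp(report[key], timezone.utc).isoformat()
        print(report)
```

The per-folder counts show which locations need restoring from backup, and the earliest timestamp helps pick a backup snapshot taken before the encryption began.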

Like most of its kin, the '.aesir File Extension' Ransomware also creates messages asking for money to decode and restore your files. The '.aesir File Extension' Ransomware uses both Web page and BMP image-based ransom notes, with a slightly different name format for each in comparison to other variants of the '.locky File Extension' Ransomware. Malware experts found no other significant changes between the Trojans, including any new decryption vulnerabilities.

Keeping Your Money out of the Eyes of False Gods

The '.aesir File Extension' Ransomware is not susceptible to current decryption solutions that the public can download and use for free. Since ransom-based transactions for buying decryption assistance often backfire on the victims, malware experts emphasize the viability of backups instead. Few Trojans possess any features meant for compromising traditional backup services such as cloud storage, although some may encode any files they can access through a network-mapped drive.

The '.aesir File Extension' Ransomware and the rest of its family often use misleading or semi-random names for their components, particularly the DLL-based installation vehicle. Victims should let their anti-malware programs determine which files are corrupted and quarantine or remove the '.aesir File Extension' Ransomware when appropriate.

Disguises in this campaign are themed after Internet Service Provider warnings about spam activity from your computer. While you should never take such statements lightly, malware experts also gently remind readers that these alerts are never a sufficient justification for opening strange ZIP archives like the ones carrying the '.aesir File Extension' Ransomware.
