'.combo File Extension' Ransomware

Posted: July 24, 2018

The '.combo File Extension' Ransomware is part of the Dharma Ransomware family, a group of Trojans that can block your files by encrypting them with AES or Blowfish and an optional, secondary layer of RSA security. Although free decryption solutions may be possible, users should never assume their availability and should keep backups of their work secure. Anti-malware programs can uninstall the '.combo File Extension' Ransomware safely or, in ideal cases, block the attempted installation of this threat.

A Killing Combo on Your Files

The Dharma Ransomware group's latest variant is the '.combo File Extension' Ransomware, a file-locker Trojan that's attacking Turkish PC users either incidentally or deliberately. Although most of the details of this Trojan's campaign are up for further investigation, its attacks are capable of locking files similarly to those of other Dharma Ransomware derivatives, such as the older '.onion File Extension' Ransomware, the Wallet Ransomware, the 'wisperado@india.com' Ransomware or the 'Lavandos@dr.com' Ransomware. The decryption and free recovery of any captive data may or may not be possible with the help of seasoned cyber-security specialists.

The '.combo File Extension' Ransomware's build of Dharma Ransomware may use AES, Blowfish, or other encryption algorithms for blocking files on Windows computers. Attacks typically target text documents, pictures, archives, spreadsheets, audio, movies, and general databases, although a threat actor may modify the filter to include additional formats or exclude any of those listed. While malware experts haven't completed an analysis of the '.combo File Extension' Ransomware's format whitelist, the Trojan's addition of a 'combo' extension, an ID number, and an e-mail address to the filename gives victims a visible symptom while they're searching for their locked data.
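The filename marker described above can be used to triage an affected volume or a backup listing. The following Python sketch is an added example, not code from the original article: the page names only the three components, so the exact layout `<original name>.id-<ID>.[<e-mail>].combo` is an assumption, and the sample names and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import Path

# Assumed layout (not stated on the page): <original>.id-<ID>.[<e-mail>].combo
MARKER = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z-]+)"
    r"\.\[(?P<email>[^\[\]@\s]+@[^\[\]@\s]+)\]\.combo$",
    re.IGNORECASE,
)

def parse_locked_name(name):
    """Return (original, victim_id, email) for a marked name, else None."""
    m = MARKER.match(name)
    if not m:
        return None
    return m.group("original"), m.group("victim_id"), m.group("email").lower()

def summarize(names):
    """Group marked names by (victim_id, email); also return unmarked names."""
    groups = defaultdict(list)
    unmatched = []
    for name in names:
        parsed = parse_locked_name(name)
        if parsed is None:
            unmatched.append(name)
        else:
            original, victim_id, email = parsed
            groups[(victim_id, email)].append(original)
    return dict(groups), unmatched

def scan_tree(root):
    """Walk a directory tree and summarize every file name beneath it."""
    return summarize(p.name for p in Path(root).rglob("*") if p.is_file())

# Constructed sample names, including two that must NOT be flagged.
SAMPLE = [
    "report.docx.id-1A2B3C4D.[contact@example.invalid].combo",
    "photo.jpg.id-1A2B3C4D.[contact@example.invalid].COMBO",
    "combo-deal.txt",   # contains the word, but carries no marker
    "notes.combo",      # bare extension without ID and e-mail
]

if __name__ == "__main__":
    groups, unmatched = summarize(SAMPLE)
    for (vid, email), originals in groups.items():
        print(f"id={vid} contact={email}: {len(originals)} file(s)")
        for original in originals:
            print("   was:", original)
    print("not marked:", unmatched)
```

Requiring all three components keeps unrelated files that merely end in `.combo` out of the report, and the recovered original names give a list to check against backups.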

Some versions of the Dharma Ransomware include file-downloading features for retrieving remote ransoming messages from another server to show to the victim. Alternately, the '.combo File Extension' Ransomware may generate a pop-up message box, change your wallpaper, or display no other symptoms and assume that the user will contact the e-mail address it provides. Regardless of the cost or currency stated in the ransom message, malware experts recommend against paying it, particularly since the '.combo File Extension' Ransomware has a chance of working with a public decryptor that would 'unlock' any files for free.

The Defenses that Protect Your Media from Trojan Combo Technique

Other than the decryption solutions already available to the public, malware researchers can recommend using backups on other devices, including both cloud storage and detachable drives, for your data recovery needs. Free decryption isn't possible with every member of the '.combo File Extension' Ransomware's family, and users should never assume its availability, since many forms of secure encryption are programmable without much technical skill. In some, but not all, cases of infection, your Windows restore points may also be available for setting the system to a previous state.

E-mail messages and their attachments, using disguises like fake bills or work reports, are archetypal infection vectors for the '.combo File Extension' Ransomware's category of threat. Malware experts also associate the Dharma Ransomware family especially with attacks over the Remote Desktop Protocol (RDP), which criminals usually access after cracking the system's login credentials. Let your anti-malware products remove the '.combo File Extension' Ransomware on sight, scan new e-mail attachments whenever it's appropriate, and use conventionally robust passwords for logging into a network.

Turkey may or may not be the prime target of the '.combo File Extension' Ransomware's campaign. Without more attacks and, consequently, more victims to study, readers will need to protect themselves with the same general guidelines that are just as appropriate for the other variants of the Dharma Ransomware's numerous family.