
'.com File Extension' Ransomware

Posted: March 14, 2019

The '.com File Extension' Ransomware is a file-locker Trojan from the Crysis Ransomware family, which uses a kit for generating minor variants of the same program for threat actors who pay its fee. These Trojans can block your documents and other media types while showing few or no symptoms, and criminals could introduce them by using spam e-mails or by gaining backdoor access first. The majority of anti-malware tools should delete the '.com File Extension' Ransomware on sight, but they can't replace your backups for most data recovery purposes.

A Crisis Bringing Politics into Its Digital Media Attacks

It's far from unexpected that the cyber-security industry sees more and more releases in the Crysis Ransomware family, which is proving itself both potent and convenient for third-party criminals in the current climate. The '.com File Extension' Ransomware is the next in a series of similar threats from this file-locker Trojan family, which includes the particularly important Dharma Ransomware update, as well as lesser relatives like the '.NWA File Extension' Ransomware, the '.korea File Extension' Ransomware, the .frendi Ransomware, the 'usacode@aol.com' Ransomware and others. The threat actor using the '.com File Extension' Ransomware is also providing ransoming services with a tongue-in-cheek political reference.

The '.com File Extension' Ransomware uses the generic 'update' filename for hiding the installer, which the threat actors could drop after brute-forcing a login remotely or embed in the download exploits of e-mail attachments, among other strategies. When it runs, the '.com File Extension' Ransomware deletes any default backups through command-line directives while encrypting media such as Word documents, JPG pictures and other content.

Along with a new choice of extension for the files that it locks, the '.com File Extension' Ransomware comes with an updated e-mail address in its ransoming message, which sells an unlocking service to the victims. The address of 'trupm' at a free service doesn't resemble a legitimate attempt at tricking victims, but its reference to the president of the United States is unmistakable and could be a clue as to which nations the threat is targeting. Paying file-locking Trojans' ransoms comes with the danger of not getting anything in return, and malware experts advise against it, although not necessarily against using any free samples.

Exhibiting Perceptiveness over Your Files for Stopping Crimes

Malware experts recommend that victims double-check when identifying any blocked data by the '.com File Extension' Ransomware's '.com' extension, since the same tag is a legitimate format, particularly for some old Windows components (such as the 'COMMAND.COM' of DOS and Windows 95). Any encrypted files will, as always, not open. Ordinarily, file-locker Trojans use extensions that are unique to their campaigns, which goes some way toward preventing this confusion. The '.com File Extension' Ransomware's attacks may add additional information into the filenames, such as IDs or e-mail addresses.
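The double-check described above can be scripted. The following is an added example, not code from the original page or from any vendor: it triages files ending in '.com' by combining filename clues with a content-entropy test, so that a legitimate DOS-style program is not mistaken for locked data. The extension list, the ID and e-mail patterns, the 7.5 bits-per-byte threshold and all sample filenames are assumptions constructed for illustration.

```python
import hashlib, math, re, tempfile
from collections import Counter
from pathlib import Path

# Assumptions for illustration: data types worth flagging and filename marker shapes.
DATA_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "jpg", "jpeg", "png", "txt"}
MARKER = re.compile(r"\bid-[0-9a-z]{4,}\b|[\w.+-]+@[\w-]+\.[a-z]{2,}", re.I)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; well-encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: Path, sample: int = 65536, threshold: float = 7.5):
    """Return (verdict, reasons) for one file whose name ends in .com."""
    inner = path.name[:-4]                      # name with the trailing ".com" removed
    reasons = []
    if any(p in DATA_EXTS for p in inner.lower().split(".")[1:]):
        reasons.append("data extension before .com")
    if MARKER.search(inner):
        reasons.append("ID or e-mail token in name")
    with path.open("rb") as fh:
        high = entropy(fh.read(sample)) >= threshold
    if high:
        reasons.append("high-entropy content")
    if high and len(reasons) >= 2:              # content clue plus at least one name clue
        return "likely_encrypted", reasons
    return ("review" if reasons else "likely_legitimate"), reasons

def scan(root: Path):
    """Classify every *.com file (case-insensitive) under root."""
    return {p.name: classify(p)[0] for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() == ".com"}

def demo():
    """Build constructed sample files in a temp directory and scan them."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # 4 KiB stand-in for ciphertext
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "COMMAND.COM").write_bytes(b"\xb4\x09\xba\x09\x01\xcd\x21\xc3" + b"Hello$" * 40)
        (root / "report.docx.id-1A2B3C4D.[user@example.invalid].com").write_bytes(noise)
        (root / "photo.jpg.com").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 512)
        return scan(root)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:18} {name}")
```

A 'review' verdict means only one kind of clue was present, which is also what a packed or compressed legitimate program can look like, so those files need a manual look before any cleanup decision.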

Although some file-locking Trojans use fake update-themed drive-by-download attacks, browser-running exploit kits, and similar attacks, the majority are distributed through spam e-mails or with the help of a brute-force attack. Backups can limit the damage that the '.com File Extension' Ransomware can do, while malware experts always encourage using conservative passwords and scanning e-mail downloads for your PC's safety. Anti-malware programs are generally adept at uninstalling the '.com File Extension' Ransomware's family and are the ideal disinfection method for most users.

Americans might find the '.com File Extension' Ransomware's ransoming details most pertinent to them, but file-locking Trojans are available and attacking worldwide. No matter whose politics you're paying attention to, backing up your work isn't a bad idea.
