
Everbe@airmail.cc Ransomware

Posted: May 18, 2018

The Everbe@airmail.cc Ransomware is a file-locking Trojan that can block digital media by encrypting it, and it flags the affected files visually with new extensions on their names. These encryption attacks aren't necessarily reversible, and malware experts encourage the regular use of secure backups for keeping any permanent damage from coming to your files. Anti-malware programs should also delete the Everbe@airmail.cc Ransomware automatically, since it has no significant defensive or evasive features for countering these products.

Simple Notes for Complex Cryptography Problems

Reports are arriving of a new file-locker Trojan that heavily resembles, but is separate from, old threats like the Rapid Ransomware or the Blind Ransomware, and that is attacking unidentified PC users. The new Trojan, the Everbe@airmail.cc Ransomware, delivers a minimum of symptoms or ransoming instructions, but conducts attacks that are sufficient for both locking data and profiting from doing so. While malware experts have yet to come to any conclusions regarding how the Everbe@airmail.cc Ransomware is dropping onto compromised PCs, it is using ZIP archive-based delivery methods.

The Everbe@airmail.cc Ransomware also uses UPX-based 'packing' for obfuscating its code, although a majority of cyber-security services detect it as a threat. The Windows-based Trojan automatically encrypts various, indeterminate formats of media, which may include Word DOCs, Excel spreadsheets, WinZip archives, PowerPoint presentations or Adobe PDF documents. The addition of a bracketed e-mail address and the '.everbe' string to their names also provides an identifier that helps the victim determine which data the Everbe@airmail.cc Ransomware is keeping hostage.

This Trojan also creates a unique '!=How_recovery_files=!.txt' ransoming message for its victim. However, the only information it includes is the e-mail address of the threat actor and an ID that's custom to the infection (and its corresponding ransoming transactions). Until malware analysts acquire more resources for determining the chances of a decryptor's development, they can only recommend storing remote, secure backups for keeping your files from suffering any long-term encryption damage or data corruption.
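The two identifiers described above (the '.everbe' extension with a bracketed e-mail address, and the '!=How_recovery_files=!.txt' note) are enough to scope which folders were hit before restoring from backup. The following Python sketch is an added example, not code from this article or any vendor; it assumes the bracketed address can appear anywhere in the file name, and the sample file names it creates are constructed for the demonstration.

```python
import os
import re
import tempfile
from collections import Counter

NOTE_NAME = "!=How_recovery_files=!.txt"  # ransom note name given in the article
LOCKED_EXT = ".everbe"                     # extension given in the article
# Assumption: the bracketed address sits somewhere in the name, e.g. "[user@host.tld]".
BRACKETED_EMAIL = re.compile(r"\[([^\[\]\s@]+@[^\[\]\s@]+\.[^\[\]\s@]+)\]")

def scan_tree(root):
    """Walk root and return locked files, ransom notes and per-folder counts."""
    report = {"locked": [], "notes": [], "by_dir": Counter(), "contacts": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
            elif name.lower().endswith(LOCKED_EXT):
                match = BRACKETED_EMAIL.search(name)
                # Files with the extension but no bracketed address are still
                # listed, with contact=None, so an analyst can review them.
                contact = match.group(1).lower() if match else None
                report["locked"].append((path, contact))
                report["by_dir"][dirpath] += 1
                if contact:
                    report["contacts"][contact] += 1
    return report

def build_sample_tree(root):
    """Constructed sample data: empty files named the way the article describes."""
    names = ["docs/report.docx.[everbe@airmail.cc].everbe",
             "docs/budget.xlsx.[everbe@airmail.cc].everbe",
             "docs/" + NOTE_NAME,
             "docs/untouched.pdf",
             "pics/odd-name.EVERBE"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        print(len(result["locked"]), "locked,", len(result["notes"]), "note(s)")
        for folder, count in result["by_dir"].most_common():
            print(count, folder)
```

Run it read-only against a mounted copy or file share listing rather than the live infected system, and use the per-folder counts to decide which backup sets need restoring.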

Ensuring that Small-Time Trojans Stay that Way

The Everbe@airmail.cc Ransomware has many superficial and symptomatic similarities to other file-locking Trojans, such as Dharma Ransomware variants like the webmafia@asia.com Ransomware, or the equally new '.MTXLOCK File Extension' Ransomware. However, its encryption method is independent of any of these threats and requires a matching decryption utility that the cybersecurity community may, or may not, be capable of developing. Backup solutions such as detached USBs or DVDs, as well as online storage services, are more accessible forms of protection than reversing the effects of an Everbe@airmail.cc Ransomware infection.

The Everbe@airmail.cc Ransomware is a Windows executable with a size of well under two hundred kilobytes. The cybercriminals are actively distributing it as of this article's date of writing, and might be using Web-browsing exploits, document vulnerabilities, e-mail spamming campaigns or brute-force tools. Except in cases of manual installation by the threat actor, most anti-malware programs should delete the Everbe@airmail.cc Ransomware in all circumstances before it begins encrypting your files.

The Everbe@airmail.cc Ransomware is being caught early in its campaign, hopefully before its author can profit significantly from any attacks. With victims already confirmed, any users wanting to keep their files out of ransoming consideration should prepare themselves with backups and security software.
