
'yoursalvations@protonmail.ch' Ransomware

Posted: November 26, 2018

The 'yoursalvations@protonmail.ch' Ransomware is a new release from the Everbe@airmail.cc Ransomware family that uses an updated ransom note and extension. The 'yoursalvations@protonmail.ch' Ransomware blocks your files through multiple methods, such as the AES or DES algorithms, and secures the result with another layer of RSA encryption. Save your backups to other devices so that you can recover your media, and use anti-malware products to delete the 'yoursalvations@protonmail.ch' Ransomware safely.

A Salvation that's not Worth the Price

Releases of the Everbe@airmail.cc Ransomware, one of the lesser families of Ransomware-as-a-Service Trojans, are maintaining a steady stream of media-endangering campaigns, with one or two new variants verifiable each month. Just after the latest versions, such as the 'everest@airmail.cc' Ransomware, the NOT_OPEN_LOCKER Ransomware, the notopen@cock.li Ransomware and the '.divine File Extension' Ransomware, malware researchers noted one more, for November. The 'yoursalvations@protonmail.ch' Ransomware is targeting the media of multiple regions around the world with appropriate language support.

The 'yoursalvations@protonmail.ch' Ransomware can be set up for locking files with multiple encryption standards, although a typical procedure involves AES and RSA. The 'yoursalvations@protonmail.ch' Ransomware blocks documents, pictures, and similar media formats in locations such as the desktop and downloads folder, and may also encrypt any unprotected network shares. The e-mail in its name is one of two that the Trojan appends to these locked files, instead of the normal format of a bracketed e-mail and a random word (such as 'locked') as the new extension.

Although the 'yoursalvations@protonmail.ch' Ransomware also generates a pop-up window for a ransom note, the message doesn't give a price for its decryptor. The use of multiple-language support, while being something that malware researchers see in other campaigns (for example, the Hidden Tear's Genocheats Ransomware), is notable for being a built-in feature of the window. Being capable of delivering instructions in French, Italian, Spanish, and English adds flexibility to the file-locking Trojan's campaign but doesn't give its premium unlocking services any additional credibility.

Saving Yourself from All-Too-Common Trojans

File-locking Trojans like the 'yoursalvations@protonmail.ch' Ransomware frequently, but not universally, remove any local backups that they can find while they're locking your files. These attacks are, accordingly, best mitigated by keeping backed-up media on other devices, either portable or cloud-accessed ones. Although there is a decryption utility that's compatible with some versions of this family of file-locker Trojans, it does require samples of both encrypted and unencrypted files for finding the encryption key.
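Because the decryption utility needs an encrypted file together with its unencrypted original, the first recovery task is finding such pairs. The Python sketch below is an added example, not code from this page or from any decryptor project: it walks an affected folder, picks out files whose names carry the appended address, and looks for a clean copy at the same relative path in a backup. The exact suffix layout, the separator characters stripped, and the folder and function names are assumptions.

```python
import os
import tempfile

# Assumption: locked files carry this address somewhere after the original name.
MARKER = "yoursalvations@protonmail.ch"

def original_name(locked_name, marker=MARKER):
    """Return the presumed pre-encryption name, or None if the marker is absent."""
    idx = locked_name.lower().find(marker.lower())
    if idx <= 0:
        return None
    # Drop separators assumed to precede the address ('.', '[', '_', '-', space).
    return locked_name[:idx].rstrip(".[_- ") or None

def find_pairs(affected_root, backup_root, marker=MARKER):
    """Match marked files under affected_root to clean copies under backup_root."""
    pairs, unpaired = [], []
    for dirpath, _dirs, files in os.walk(affected_root):
        rel = os.path.relpath(dirpath, affected_root)
        for name in files:
            orig = original_name(name, marker)
            if orig is None:
                continue  # file name does not carry the marker
            locked = os.path.join(dirpath, name)
            candidate = os.path.normpath(os.path.join(backup_root, rel, orig))
            if os.path.isfile(candidate) and os.path.getsize(candidate) > 0:
                pairs.append((locked, candidate))
            else:
                unpaired.append(locked)
    return sorted(pairs), sorted(unpaired)

def demo():
    """Run find_pairs over a constructed tree; return base names only."""
    with tempfile.TemporaryDirectory() as tmp:
        hit, bak = os.path.join(tmp, "Desktop"), os.path.join(tmp, "backup")
        os.makedirs(os.path.join(hit, "docs"))
        os.makedirs(os.path.join(bak, "docs"))
        samples = {  # constructed sample files, not real ransomware output
            os.path.join(hit, "docs", "report.docx.[" + MARKER + "]"): b"\x00locked",
            os.path.join(hit, "photo.jpg." + MARKER): b"\x00locked",
            os.path.join(hit, "notes.txt"): b"untouched",
            os.path.join(bak, "docs", "report.docx"): b"clean copy",
        }
        for path, data in samples.items():
            with open(path, "wb") as fh:
                fh.write(data)
        pairs, unpaired = find_pairs(hit, bak)
        return ([(os.path.basename(a), os.path.basename(b)) for a, b in pairs],
                [os.path.basename(p) for p in unpaired])

if __name__ == "__main__":
    print(demo())
```

Run it against a copy of the affected data from a clean machine, with the backup mounted read-only, so that nothing on the backup device can be modified.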

Some of the measures by which threats of this type spread, and means of defending your PC against them, include:

  • Brute-force software can guess login credentials and give remote attackers access to your network. Use passwords and usernames that abide by traditional security metrics for your account's protection.
  • Spam e-mails are a prominent infection strategy for business sector-based targets and can include general-interest disguises, such as news reports, or ones that are specific to the company or employee. Scan your e-mail attachments with appropriate security tools before opening them, and be careful about enabling advanced document content.
  • Exploit kits are, sometimes, recruited for distributing file-locker Trojans. PCs with outdated software are more at risk from their drive-by-downloads, as are browsers with Flash, Java, or JavaScript enabled by default.

Users may also protect their PCs by having Windows-compatible anti-malware products identify and delete the 'yoursalvations@protonmail.ch' Ransomware, which they should do automatically.

The fact that the 'yoursalvations@protonmail.ch' Ransomware isn't restricting its victims to one country or another isn't remarkable but is a point worth mentioning. Anyone believing that where they live will protect their computers against threat actors who don't care how they make their money may find themselves getting an unhappy wake-up call.
