'Okean-1955@india.com' Ransomware

Posted: August 17, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 64
First Seen: August 17, 2016
OS(es) Affected: Windows


The 'Okean-1955@india.com' Ransomware is a Trojan that targets data, blocks it with a data-modifying encryption routine, and sells a corresponding decryption service to its victims. PC operators should be especially on the lookout for e-mail attachment-based attacks that are most likely to install this threat, and use backups for protecting their data. Malware experts only endorse deleting the 'Okean-1955@india.com' Ransomware with a dedicated anti-malware program regardless of the fate of any encrypted files.

Trojans Milking Businesses for Ransoms in a Day

One of 2016's most enduring threat industry trends is the growing range of new file encryption attacks based on previous threats, such as the particularly widespread Troldesh Ransomware family. Being based on already-observed code doesn't necessarily prevent a Trojan from being a threat to your saved data, as malware experts see exemplified in the 'Okean-1955@india.com' Ransomware. This Trojan's campaign was confirmed in the middle of this year and currently targets NGOs, such as business organizations, most likely by exploiting e-mail-based infection strategies.

Like other kinds of Troldesh Ransomware, the 'Okean-1955@india.com' Ransomware targets non-essential content, such as SQL, XLS or DOC files. The 'Okean-1955@india.com' Ransomware also scans for local and remotely-accessible drive data associated with backups. An encryption routine modifies all 'appropriate' data and prevents it from being opened, while the 'Okean-1955@india.com' Ransomware also adds ID numbers, an e-mail address, and the '.xtbl' extension to the file names.

Victims are asked to pay for the safe return of their data, with additional instructions included in a text document and desktop-locked image. Although the 'Okean-1955@india.com' Ransomware places victims under a twenty-four-hour time limit, malware experts have not verified any data-deleting attacks, or similar functions, after the duration expires with no payments received.

Keeping Your King's Ransom for What Already Belongs to You

The 'Okean-1955@india.com' Ransomware is just a single example out of many cases of Trojans retooling themselves for targeting different victims and delivering ransoms to various con artist entities. Relatives of the 'Okean-1955@india.com' Ransomware that you may identify via similar symptoms include the 'alex.vlasov@aol.com' Ransomware, the 'Payfornature@india.com' Ransomware, the 'Av666@weekendwarrior55' Ransomware, and over a dozen other threats. All attacks allow you to see which files the Trojan damages by noting the changes to their names. Note that renaming does not decrypt them or otherwise help you regain access to the locked content.
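The name changes described above (an added e-mail address and the '.xtbl' extension) can be used to inventory affected files during incident response. The following Python script is an added example, not code from the original article: the address list comes from the names on this page, and each marker is matched independently because the page does not give the exact layout of a renamed file name (assumption).

```python
import os
from collections import Counter

# Contact addresses named on this page (compared case-insensitively).
KNOWN_ADDRESSES = ("okean-1955@india.com", "alex.vlasov@aol.com",
                   "payfornature@india.com")
EXTENSION = ".xtbl"


def classify(filename):
    """Return a label for a renamed file, or None if the name looks untouched."""
    lowered = filename.lower()
    if not lowered.endswith(EXTENSION):
        return None
    for address in KNOWN_ADDRESSES:
        if address in lowered:
            return address
    # Extension present but no listed address: still worth reporting.
    return "other-address" if "@" in lowered else "extension-only"


def inventory(root):
    """Walk root read-only and summarise files carrying the rename markers."""
    hits, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root, onerror=unreadable.append):
        for name in files:
            label = classify(name)
            if label is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                mtime = None  # file vanished or access denied; keep the hit
            hits.append((path, label, mtime))
    times = [m for _p, _l, m in hits if m is not None]
    return {
        "hits": hits,
        "by_label": Counter(label for _p, label, _m in hits),
        "by_directory": Counter(os.path.dirname(p) for p, _l, _m in hits),
        "first_modified": min(times) if times else None,
        "last_modified": max(times) if times else None,
        "unreadable": [str(e) for e in unreadable],
    }


if __name__ == "__main__":
    import sys
    report = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(report["by_label"], report["first_modified"], report["last_modified"])
```

The script only reads directory entries and file metadata, so it can be pointed at a mounted copy or a network share to see which directories were hit and the time range of the modifications.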

As a rule, malware experts discourage making ransom payments to con artists. These people may respond by providing a non-functional decryptor that may cause additional damage to your data, or by ignoring any requests for help after they receive their payment. Use backups stored in locations not accessible by the 'Okean-1955@india.com' Ransomware (such as a protected cloud server) to restore content that you can't decrypt. Some PC security institutions also offer decryption services for well-known families like the 'Okean-1955@india.com' Ransomware's group, although these solutions are not always successful.

Based on the 'Okean-1955@india.com' Ransomware's current targets of businesses dealing with high quantities of transactions, it's not only individual PC owners who are at risk from this new version of the Troldesh Ransomware. Use your anti-malware products to delete the 'Okean-1955@india.com' Ransomware, but preferably follow good security protocols to avoid the exploits by which the 'Okean-1955@india.com' Ransomware installs itself in the first place.