
'.010001 File Extension' Ransomware

Posted: November 13, 2018

The '.010001 File Extension' Ransomware is a file-locker Trojan that can encrypt media files so that they will not open. Its attacks also add extensions to their filenames, create ransoming messages, and may include other symptoms, such as erasing backups. Back up your work for its safety and always resolve infections by uninstalling the '.010001 File Extension' Ransomware with a professional anti-malware program.

An Obese Trojan with a Skinny Payload

A file-locking Trojan campaign whose first verifiable victims are in Japan is using encryption to block media files and the Bitcoin cryptocurrency to make money from it. However, what malware researchers find most uncharacteristic about the '.010001 File Extension' Ransomware is its size, which, as a Windows executable, is ten times that of the average Trojan of its kind. The program, at over nine megabytes, has no immediate relationship with more efficiently-coded threats like Hidden Tear, but its method of attack operates similarly.

The '.010001 File Extension' Ransomware adds the '.010001' extension to the names of all the media files that it locks. The encryption algorithm it uses is unidentified (although AES, XOR, and RSA are the top choices for file-locker Trojans). After it finishes encrypting JPG pictures, Word DOCs, and similar data, the '.010001 File Extension' Ransomware creates a Notepad text file. This English-language message asks for a five hundred USD ransom in Bitcoins, implying that the attacks against Japanese users are random or coincidental, rather than targeted. Malware researchers have no records of the wallet receiving any payments, for now.
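A triage sketch for the renaming behavior described above, added here as an example and not taken from any vendor tool: it inventories files carrying the '.010001' extension under a folder, grouped by original type and directory, with the window of their modification times. It assumes the marker is appended after the original extension (for example photo.jpg.010001), which the article does not state; the names triage and original_extension are chosen for this example.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

MARKER = ".010001"  # extension the article says is added to locked files


def original_extension(name):
    """Extension hidden under the marker, assuming the marker was appended."""
    stem = name[: -len(MARKER)]
    return os.path.splitext(stem)[1].lower()


def _utc(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def triage(root):
    """Walk root and summarise files whose names end in the marker."""
    by_type, by_dir, mtimes = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            try:
                mtimes.append(os.stat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                continue  # unreadable or removed mid-scan; leave it out
            by_type[original_extension(name) or "(none)"] += 1
            by_dir[dirpath] += 1
    return {
        "total": sum(by_type.values()),
        "by_type": dict(by_type),   # which formats need restoring from backup
        "by_dir": dict(by_dir),     # where the damage is concentrated
        # Modification times only approximate when the files were rewritten.
        "first_seen": _utc(min(mtimes)) if mtimes else None,
        "last_seen": _utc(max(mtimes)) if mtimes else None,
    }


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against the desktop, downloads, and document folders before restoring from backup, so the restore can be checked against the list of affected formats and directories.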

Other than taking up more space than usual with its installer, the '.010001 File Extension' Ransomware greatly resembles Hidden Tear and other 'freeware' versions of file-locking Trojans that criminals customize for their campaigns. Despite these shared traits, the '.010001 File Extension' Ransomware isn't recognizably a close relative of any family, but nearly three dozen AV brands are detecting it heuristically as a threat.

Preventing Your Data from Turning into the Wrong Number Kinds

Since the '.010001 File Extension' Ransomware's distribution model may be random, malware researchers aren't comfortable ruling out ad network-promoted exploit kits, threatening 'freeware' websites, or torrents as potential infection sources. Other campaigns are more often notable for targeting their victims by brute-force or RDP attacks, as well as e-mail messages with corrupted attachments. In all cases, owning security software, installing security patches, disabling unsafe content like Word macros or your browser's JavaScript, and using sophisticated logins can help with defending your computer.

The '.010001 File Extension' Ransomware is a Windows program and is potentially threatening to various formats of media in various locations, such as the desktop or your downloads folder. Users should back up the contents of these folders to another device regularly to keep their options for data recovery open while reducing any dependency on decryption and, therefore, ransoms. Most professional anti-malware applications should delete the '.010001 File Extension' Ransomware with no obstacles, as of malware analysts' latest reports.

With no obvious decryption solution available to the public, the '.010001 File Extension' Ransomware is a small-scale repetition of the same theme as greater operations like Scarab Ransomware and the rest of the RaaS industry. Forgetting to back your work up may cost you more money – or Bitcoins – than you would have thought possible.
