Home Malware Programs Ransomware '!@#$%^&-()_+.1C File Extension' Ransomware

'!@#$%^&-()_+.1C File Extension' Ransomware

Posted: October 12, 2018

The '!@#$%^&-()_+.1C File Extension' Ransomware is a part of the RotorCrypt Ransomware's family of file-locking Trojans, which can prevent your files from opening with the RSA encryption. While its attacks only impact media that isn't integral to the OS, it is a danger to your documents, images and recreational or work-related data. Keep external backups of any valuable files and use professional anti-malware products for removing the '!@#$%^&-()_+.1C File Extension' Ransomware without risking any further harm to other settings, like the Windows Registry.

The RotorCrypt Ransomware Comes Back for More Russian Money

The Russia-specialized family of file-locking Trojans, RotorCrypt Ransomware, is getting renewed circulation in October, with its new, minimalist variant giving a bare minimum of instructions to any victims. The '!@#$%^&-()_+.1C File Extension' Ransomware isn't a substantial update compared to the months-older 'nautilus369alarm@gmail.com' Ransomware, the Patagonia92@tutanota.com Ransomware, the Starbax@tutanota.com Ransomware or the 'Blacknord@tutanota.com' Ransomware. Despite it only having a few changes, the '!@#$%^&-()_+.1C File Extension' Ransomware is a credible competitor to the more-numerous Scarab Ransomware family for blocking Russian PC users' files permanently.

The '!@#$%^&-()_+.1C File Extension' Ransomware adds the extension from its name to every file that it locks, which malware analysts note, is a routine that, still, uses RSA-based encryption. Files such as JPGs, TXTs, DOCs, and GIFs are part of its whitelist and will not open until after the user can decrypt them with the customized key. Unlike most file-locker Trojans, the '!@#$%^&-()_+.1C File Extension' Ransomware doesn't change the Windows wallpaper, create advanced pop-ups, or employ other, cosmetic elements for warning the victims.

The '!@#$%^&-()_+.1C File Extension' Ransomware also places an 'INFO' Notepad file on the user's desktop. Other than a series of e-mail addresses and a brief, Russian sentence telling the reader to contact them, the file offers no ransoming information. While malware researchers recommend against the paying of ransoms for any decryption help regularly, such payments will utilize cryptocurrencies like Bitcoin or prepaid vouchers usually. These transfers, usually, are not refundable easily, which allows the criminals to make a profit without giving a real decryptor to their 'customer.'

The Cost of Looking into the Wrong Window

Like all versions of the RotorCrypt Ransomware, the '!@#$%^&-()_+.1C File Extension' Ransomware is a Windows software. Malware researchers also find some evidence of the '!@#$%^&-()_+.1C File Extension' Ransomware's installation and persistent exploits using disguises related to fake versions of the Windows 10 Professional, which could be a sign of it using torrents or free-downloading websites for circulating. Most AV vendors are detecting this new variant of the RotorCrypt Ransomware family, however, and readers should remember the danger of using illicit or unofficial download resources, that are heavy infection vectors for file-locking Trojans particularly.

The '!@#$%^&-()_+.1C File Extension' Ransomware completes its file-locking sequence before showing the ransom note and extensions that are the only symptoms of visible notice to the victims. Free decrypting for the '!@#$%^&-()_+.1C File Extension' Ransomware's family isn't an option, and users should be attentive to backing up their media to other devices that are safe from its attack especially. Alternately, nearly all credible anti-malware programs should delete the '!@#$%^&-()_+.1C File Extension' Ransomware beforehand.

Getting your software from a pirated source is tempting since there's no up-front cost to a download. With the '!@#$%^&-()_+.1C File Extension' Ransomware campaign, it appears that the real price isn't worth it, no matter how short on money for a Windows license you might be.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to '!@#$%^&-()_+.1C File Extension' Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.