
ASN1 Ransomware

Posted: December 2, 2016

The ASN1 Ransomware is a piece of ransomware that uses the Italian language for its ransom note. The ransomware samples discovered online featured only one copy of the ransom note, and an English translation was not found. This may mean that the ASN1 Ransomware's primary targets are Italian-speaking PC users, but it is also highly possible that this threat's corrupted files may reach users in other countries as well. The ransom message that the ASN1 Ransomware uses to tell users what happened to their files may also include a unique link to a page hosted on the Dark Web. The link is custom-tailored to each victim, and it features information about the ransom fee they need to pay in exchange for their files. As expected, the ransom note also tells users that they need to install and run the Tor Browser to access the page that contains the steps that must be completed to access the decryption instructions.

Apart from encrypting a fairly large number of files, the ASN1 Ransomware also leaves behind a '.htm' file called '!!!!!readme!!!!!'. This file contains the Italian instructions mentioned earlier and, unsurprisingly, it also warns users that any attempt to recover their files without the attacker's instructions may cause permanent damage to the encrypted files. Users whose files were locked by the ASN1 Ransomware reported that the Dark Web page told them to pay a ransom fee of 0.25 Bitcoins in return for instructions on how to decrypt their files. However, upon paying the ransom fee, the users only received an SHA1 key and an ASN1 key without any instructions on how to use them. It is recommended to avoid paying the ransom fee that the ASN1 Ransomware asks for because, as you can see, even fulfilling all of the con artist's requirements does not guarantee a positive outcome.

The removal of the ASN1 Ransomware may not be one of the most challenging tasks, but restoring the encrypted files may be nearly impossible unless you have a recent backup to recover your files from. All file recovery operations must happen only after you are 100% certain that the ASN1 Ransomware has been removed from your computer completely with the help of credible anti-malware software. Using the Shadow Volume Copies may allow you to restore your files partially, and some third-party file recovery utilities may turn out to be useful in your attempts to recover from the ASN1 Ransomware's attack.
