
Aztecdecrypt@protonmail.com Ransomware

Posted: December 28, 2018

The Aztecdecrypt@protonmail.com Ransomware is an English variant of the Scarab Ransomware family. These file-locker Trojans distribute themselves with a Ransomware-as-a-Service model, typically attacking vulnerable business networks. Since infections may cause file damage such as encryption or deletion, you should respond by removing the Aztecdecrypt@protonmail.com Ransomware with anti-malware tools immediately, disabling network connections temporarily, and recovering your data through standard backup procedures.

These Trojan Bugs are Going South American

The Scarab Ransomware family, notable for its targeted attacks against the Russian business sector in particular, is taking a new spin on its branding for the non-Russian development branch of its software. This new file-locking Trojan, while showing no statistics that point to targeting nations like Brazil, delivers a payload suited to extorting money from English speakers in general. As with most members of the Scarab Ransomware family, the Aztecdecrypt@protonmail.com Ransomware asks for Bitcoin ransoms after efficiently blocking the victim's media content.

The Aztecdecrypt@protonmail.com Ransomware runs an AES-256 encryption routine against a range of media formats; malware experts confirm that it regularly blocks Microsoft Office work (such as Excel spreadsheets or Word DOCs), PDF documents, images like JPGs or GIFs, and over a dozen other types. The Aztecdecrypt@protonmail.com Ransomware also appends the e-mail address in its name to the filenames as an extension, a trait it shares with some of the other English-based Trojans from the Scarab Ransomware business. Malware experts recommend against assuming that any visual anomalies will help with detecting the file-locking feature, which runs silently in the background.
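As an added example (not code from this write-up or from the Scarab operators), the following Python script triages a directory tree after an incident: it lists files carrying the appended e-mail extension, recovers their original names and types to scope a backup restoration, and runs a byte-entropy check on each file's first 4 KB to separate likely AES ciphertext from anything else left under that extension. The exact extension string, the 7.5 bits/byte threshold and the sample files are assumptions made for the example.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: the extension appended to locked files is the contact address itself.
RANSOM_EXT = ".aztecdecrypt@protonmail.com"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; AES ciphertext samples sit close to 8.0, text near 4 to 5."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def original_name(filename: str):
    """Strip the ransom extension; None if the file was not renamed."""
    return filename[: -len(RANSOM_EXT)] if filename.lower().endswith(RANSOM_EXT) else None

def scan_tree(root, sample_bytes=4096, min_entropy=7.5):
    """Report each renamed file with an entropy check on its first bytes.
    Low entropy under the ransom extension is unusual (placeholder, interrupted run)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            orig = original_name(fname)
            if orig is None:
                continue
            path = Path(dirpath) / fname
            with open(path, "rb") as fh:
                entropy = shannon_entropy(fh.read(sample_bytes))
            hits.append({"path": str(path), "original": orig,
                         "original_ext": Path(orig).suffix.lower(),
                         "entropy": round(entropy, 2),
                         "looks_encrypted": entropy >= min_entropy})
    return hits

def summarize(hits):
    """Counts per original type, to scope restoration from backups."""
    return {"renamed": len(hits),
            "looks_encrypted": sum(h["looks_encrypted"] for h in hits),
            "by_original_ext": dict(Counter(h["original_ext"] for h in hits))}

def demo():
    """Scan a constructed sample tree (not a real infection) and return results."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / ("Q4 budget.xlsx" + RANSOM_EXT)).write_bytes(os.urandom(8192))
        (base / ("notes.docx" + RANSOM_EXT)).write_bytes(b"\x00" * 2048)
        (base / "readme.txt").write_bytes(b"plain text, not touched\n")
        hits = scan_tree(base)
    return hits, summarize(hits)
```

Point `scan_tree` at a mounted copy of the affected volume; the `by_original_ext` counts tell you which document types need restoring from backup, and any renamed file that does not look encrypted deserves a manual look before it is discarded.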

The threat actors maintaining the Aztecdecrypt@protonmail.com Ransomware variant of that family also use a copy-pasted version of one of the most widely-distributed ransom notes. This Notepad message, which the Aztecdecrypt@protonmail.com Ransomware creates after blocking the user's media, warns of a generic 'security problem' and includes the details needed to transfer a Bitcoin ransom. However, buying a decryptor this way is liable to fail for multiple reasons, including the software lacking a legitimate decryption function or the threat actors not caring enough to provide their help afterward.

Getting to the Heart of Aztec Trojan Issues

Security issues with the Aztecdecrypt@protonmail.com Ransomware extend beyond the encoded files not opening. Malware analysts also warn of the following concerns, at a minimum:

  • The Aztecdecrypt@protonmail.com Ransomware can remove the Shadow Volume Copies, which Windows uses to restore your PC to an earlier state through a Restore Point. Wiping this default backup keeps users from retrieving their files with the OS's built-in recovery options.
  • Many members of the Scarab Ransomware family target business networks and other vulnerable servers with brute-force techniques. These strategies can compromise weak login credentials and passwords, letting a remote attacker drop, install, and run the Trojan manually.

Users should disconnect their workstations or other compromised PCs from any network connections that could let the threat actor's attacks continue. There is a limited decryption service for the Scarab Ransomware releases, although it can't promise a definitive decoding solution for everything this threat blocks. As a result, users should depend on the usual anti-malware services for isolating and deleting the Aztecdecrypt@protonmail.com Ransomware safely.

The 'Aztec' theme of the Aztecdecrypt@protonmail.com Ransomware's ransoming address is unlikely to be more than a random choice by its admins. Without reports from the victims of its attacks, most Windows users should assume that they're potentially in danger from its file-locking infections, which apply to the OS nearly universally.
