'.BACKUP File Extension' Ransomware

The '.BACKUP File Extension' Ransomware is a member of the CryptoMix or CryptMix Ransomware family of file-locking Trojans. Any '.BACKUP File Extension' Ransomware infection can disable your security software, block your media by using data encryption automatically, change filenames and generate ransom-themed messages. Keeping backups of your work on another machine and having anti-malware protection for removing the '.BACKUP File Extension' Ransomware infections are essential defenses against threats of this category.

The Next Trojan Mix-Up is a 'Backup'

One of the last, significant updates to the CryptMix Ransomware family, dubbed the Revenge Ransomware, is getting another variant that malware analysts are determining as being in a live deployment state. The infection strategies in use for the '.BACKUP File Extension' Ransomware's attacks are uncertain, but it keeps almost all of the payload intact. That makes the '.BACKUP File Extension' Ransomware capable of both attacking the data on any PC it compromises, as well as countering security features and software.

The '.BACKUP File Extension' Ransomware is a brand-new entry in its family, but the attack features are ones that it shares with relatives like the MOLE66 Ransomware, the SERVER Cryptomix Ransomware or the Tastylock Ransomware. These Trojans all employ encryption using the AES in CBC mode for locking files on your PC automatically, without any symptoms appearing while the threat searches your folders for documents, pictures and other media. Malware experts also verify the '.BACKUP File Extension' Ransomware's keeping the SVC-wiping function that prevents Windows from restoring the files from its default backup.

The '.BACKUP File Extension' Ransomware's changes from its immediate predecessors include new e-mail addresses in its Notepad ransoming notes and a different extension for the captured files ('.BACKUP'). The Trojan continues overwriting the filenames with semi-random characters, which may prevent the user from identifying the different content types it holds for ransom. However, malware experts rate documents, Microsoft Office content, Adobe PDFs, pictures and archives as being some of the highest-risk formats.

Trojans Telling You the Solutions to Themselves

The '.BACKUP File Extension' Ransomware's name, ironically, is a preemptive warning of the most appropriate action for taking against both it, and other members of the Revenge Ransomware and the CryptMix Ransomware's family. Without any free decryption or local backups available, victims can protect their work most effectively by saving copies onto another device regularly. Paying the ransom, as the '.BACKUP File Extension' Ransomware recommends in its Notepad messages, always includes the risk of a criminal's taking the payment, but giving the victim a real decryptor.

The '.BACKUP File Extension' Ransomware campaign is in its distribution phase against victims in the wild, although malware analysts aren't yet certain of what exploits for infection are at play. Spam e-mails and brute-force attacks are most relevant to users of business or government-oriented networks, while unsafe downloads from torrents or websites are traditional methods of compromising random, recreational-use systems. Having an anti-malware program available can help with removing the '.BACKUP File Extension' Ransomware and disrupting its intended payload.

The aggressive development of the '.BACKUP File Extension' Ransomware's family is just one of many cases of the file-locker Trojan industry's general alacrity. Individuals who forget their day-to-day backups may end up losing their files to more productive and driven criminals, and the software that they abuse.