'Decryptallfiles@india.com' Ransomware

Posted: November 29, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 112
First Seen: November 29, 2016
Last Seen: May 22, 2023
OS(es) Affected: Windows

The 'Decryptallfiles@india.com' Ransomware is a Globe Ransomware variant that uses encryption ciphers to lock your files. Although con artists profit from these attacks by 'selling' their decryption help back to their victims, the risks of such transactions cause malware experts to recommend other recovery solutions, as applicable. Many anti-malware programs should be able to detect and delete the 'Decryptallfiles@india.com' Ransomware outright before its payload can damage the contents of your hard drive or server.

The Globe with an Infinite Number of Faces

With little need to innovate on the well-worn code of previous threats, threat actors are releasing new variants of the Globe Ransomware into the wild regularly with seemingly realistic expectations of profit. Members of the Globe Ransomware family are notable for their slightly non-traditional enciphering methodology, which uses a Blowfish algorithm to block the victim's data. Malware analysts are finding new Trojans like the 'Decryptallfiles@india.com' Ransomware in independently-orchestrated campaigns on an almost daily basis.

While the 'Decryptallfiles@india.com' Ransomware's highest-priority attack is its ability to encrypt your files, its most visible symptom remains the advanced HTML (or '.HTA') pop-up window that the Trojan uses for delivering ransom-paying instructions. Once it blocks your files by encoding them, it loads the pop-up, asking you to contact its e-mail address for data recovery help. The 'Decryptallfiles@india.com' Ransomware's message may try to mislead victims into believing that the associated threat actors are working as support technicians or other PC security experts.

Other symptoms that malware analysts consider likely during a 'Decryptallfiles@india.com' Ransomware infection include:

  • The 'Decryptallfiles@india.com' Ransomware will insert its e-mail address into the name of any file it enciphers in the form of an extra extension. Note that removing the new tag doesn't undo the encryption that keeps your files from being readable by associated software.
  • The 'Decryptallfiles@india.com' Ransomware also may supplement its ransom instructions with additional imagery it loads through hijacking your desktop's wallpaper. Previous attacks from the 'Decryptallfiles@india.com' Ransomware's family are notable for using this feature for scare tactics, such as claiming that the Trojan has an affiliation with Anonymous.
  • Victims also should assume that default backup and system restore data stored by Windows locally may be compromised and deleted by the 'Decryptallfiles@india.com' Ransomware.
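
The file-name symptom above can be used to measure how far the encryption spread before restoring from backups. The following is an added example, not code from the original page or from any vendor tool: a read-only Python scan that lists files carrying the e-mail marker and the name each presumably had beforehand. It assumes the marker sits in a suffix appended after the original name; the page does not give the exact extension layout, and the sample file names are constructed.

```python
import os
import tempfile
from collections import Counter

# Marker from the page: the e-mail address the Trojan inserts into file names.
MARKER = "decryptallfiles@india.com"

def original_name(filename, marker=MARKER):
    """Return the presumed pre-encryption name, or None if the marker is absent.
    Assumption: the marker is appended after the original name and extension."""
    idx = filename.lower().find(marker)  # case-insensitive match
    if idx == -1:
        return None
    return filename[:idx].rstrip(".")    # drop the separating dot(s)

def scan(root, marker=MARKER):
    """Walk root without modifying anything. Returns (hits, per_dir):
    hits maps each tagged path to its presumed original name,
    per_dir counts tagged files in each directory."""
    hits, per_dir = {}, Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name, marker)
            if orig is not None:
                hits[os.path.join(dirpath, name)] = orig
                per_dir[dirpath] += 1
    return hits, per_dir

def demo():
    """Scan a constructed sample tree (file names are made up for illustration)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "photos"))
        for rel in ("budget.xlsx.decryptallfiles@india.com",
                    os.path.join("photos", "photo.jpg.Decryptallfiles@india.com"),
                    "notes.txt"):
            open(os.path.join(root, rel), "w").close()
        hits, per_dir = scan(root)
        # Report paths relative to the scanned root.
        return ({os.path.relpath(p, root): o for p, o in hits.items()},
                {os.path.relpath(d, root): n for d, n in per_dir.items()})

if __name__ == "__main__":
    found, counts = demo()
    for path, orig in sorted(found.items()):
        print(f"{path} -> {orig}")
    for directory, n in sorted(counts.items()):
        print(f"{directory}: {n} tagged file(s)")
```

The list of presumed original names is what to compare against a backup catalogue; renaming the files back does not make them readable.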

Why File Recovery may not be Worth the Effort

The 'Decryptallfiles@india.com' Ransomware represents all of the security risks malware analysts already find present in past versions of similar Trojans, from August's Purge Ransomware to November's 'Grapn206@india.com' Ransomware. Although the damage caused by the 'Decryptallfiles@india.com' Ransomware may be permanent, victims are invited to try free decryption applications before searching for more arduous solutions. Threat actors responsible for file-encrypting Trojan campaigns routinely accept ransoms without returning any decryption solution, making paying the ransom a high-risk option.

After its installation, the 'Decryptallfiles@india.com' Ransomware may block access to your security software or features, in addition to any problems it causes by locking your data directly. To remove it safely, reboot your PC into Safe Mode as per the recommendations for your version of Windows, and use anti-malware tools able to scan your Registry and other areas of your PC to delete all of the 'Decryptallfiles@india.com' Ransomware's components. The 'Decryptallfiles@india.com' Ransomware, like all members of the Globe Ransomware family, is only known for targeting Windows PCs.

While the 'Decryptallfiles@india.com' Ransomware and threats like it remain in distribution, anyone with high-value work or crucial files would do well to remember how little effort it takes to make a quick backup, and how much money it can save.