
'everest@airmail.cc' Ransomware

Posted: October 29, 2018

The 'everest@airmail.cc' Ransomware is a variant of the Everbe@airmail.cc Ransomware, a file-locking Trojan that blocks documents, images, and similar media by encrypting them. Like many threats of its category, the 'everest@airmail.cc' Ransomware also creates ransom messages that sell its decryption help to the victims, can attack additional data over the network, and may delete your Windows backups. Have a compatible anti-malware application delete the 'everest@airmail.cc' Ransomware before, ideally, restoring the non-encrypted copies of your files from your last backup.

A Scenic Mountain View of Your Sabotaged Files

The Everbe@airmail.cc Ransomware family, while not nearly as large as families like Hidden Tear or the Globe Ransomware, is continually active around the world, thanks to the efforts of a variety of threat actors. A new variant is blocking the files of victims globally, with infections that malware experts are verifying in Italy and China. Remote Desktop exploits and brute-force attacks against weakly protected logins are a popular distribution model for the 'everest@airmail.cc' Ransomware's family, but readers shouldn't rule out other ones, such as e-mail attachments and drive-by-downloads from the Nebula Exploit Kit.

While old versions of the 'everest@airmail.cc' Ransomware's family used a breakable encryption routine, the 'everest@airmail.cc' Ransomware, as a new variant, more likely uses a secure one, with the customized RSA key uploaded to the threat actor's C&C server. This procedure lets the 'everest@airmail.cc' Ransomware block media on an infected PC (possibly including network shares), hold it hostage, and withhold the decryption key until the victim pays a ransom. Some of the symptoms that malware experts associate with the 'everest@airmail.cc' Ransomware and other family members include:

  • The 'everest@airmail.cc' Ransomware also renames the files that it locks by appending its e-mail address, for negotiating, and an '.EVEREST' extension.
  • The 'everest@airmail.cc' Ransomware uses a concealed CMD command to remove the Shadow Volume Copies. This action prevents users from retrieving their media through Windows Restore Points.
  • Users can find the ransom instructions for the decryption solution in a Notepad (text) file that the 'everest@airmail.cc' Ransomware creates, although malware experts advise against this risky and non-refundable means of data recovery.

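The shadow-copy deletion described in the list above is the most reliably detectable step of the chain, because the Trojan has to spawn a well-known Windows utility to do it. The detection logic below is an added example, not code from the original write-up or from the Trojan itself. The field names follow Sysmon Event ID 1 (Image, CommandLine, ParentImage, ProcessId), the records are constructed rather than captured telemetry, and the parent process name is a placeholder. It normalises each command line, decoding a PowerShell -EncodedCommand payload when present (a common way to "conceal" such a command), and matches it against the usual shadow-copy deletion and recovery-disabling commands:

```python
"""Flag process-creation records that delete Volume Shadow Copies or disable
Windows recovery. Added example: not from the original write-up; field names
follow Sysmon Event ID 1, but every record below is constructed, not real
telemetry."""
import base64
import re

# (rule name, regex applied to the normalised command line)
SHADOW_DELETION_PATTERNS = [
    ("vssadmin_delete_shadows", re.compile(r"vssadmin(\.exe)? delete shadows")),
    ("vssadmin_resize_storage", re.compile(r"vssadmin(\.exe)? resize shadowstorage")),
    ("wmic_shadowcopy_delete", re.compile(r"wmic(\.exe)? shadowcopy delete")),
    ("powershell_win32_shadowcopy", re.compile(r"win32_shadowcopy.*\bdelete\b")),
    ("bcdedit_disable_recovery",
     re.compile(r"bcdedit(\.exe)?.*(recoveryenabled no|bootstatuspolicy ignoreallfailures)")),
    ("wbadmin_delete_catalog", re.compile(r"wbadmin(\.exe)? delete catalog")),
]

# PowerShell accepts abbreviated forms of -EncodedCommand; the payload is
# base64 of a UTF-16LE string.
ENCODED_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def normalise(cmdline: str) -> str:
    """Lowercase, drop quotes, collapse whitespace, and append the decoded
    -EncodedCommand payload (if any) so encoded variants still match."""
    text = cmdline
    m = ENCODED_FLAG.search(text)
    if m:
        try:
            text += " " + base64.b64decode(m.group(1)).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            pass  # not a valid payload; match on the visible command line only
    text = text.replace('"', "").replace("'", "")
    return re.sub(r"\s+", " ", text).strip().lower()


def classify(record: dict) -> list:
    """Return the names of every rule the record's command line triggers."""
    cmd = normalise(record.get("CommandLine", ""))
    return [name for name, pattern in SHADOW_DELETION_PATTERNS if pattern.search(cmd)]


def scan(records) -> list:
    """Scan process-creation records and return one hit per matching process."""
    hits = []
    for record in records:
        rules = classify(record)
        if rules:
            hits.append({"pid": record["ProcessId"], "parent": record["ParentImage"],
                         "rules": rules})
    return hits


# Constructed sample records (not real telemetry; "payload.exe" is a placeholder
# name). Record 4's payload is the UTF-16LE/base64 form PowerShell expects,
# built here so the example stays self-contained.
_PS_PAYLOAD = base64.b64encode(
    "Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }".encode("utf-16-le")
).decode("ascii")

SAMPLE_RECORDS = [
    {"ProcessId": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "vssadmin list shadows"},  # benign administrative use
    {"ProcessId": 2, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\Public\payload.exe",
     "CommandLine": r'"C:\Windows\System32\cmd.exe" /c vssadmin.exe Delete Shadows /All /Quiet'},
    {"ProcessId": 3, "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "ParentImage": r"C:\Users\Public\payload.exe",
     "CommandLine": "wmic shadowcopy delete"},
    {"ProcessId": 4, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Users\Public\payload.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -EncodedCommand " + _PS_PAYLOAD},
    {"ProcessId": 5, "Image": r"C:\Windows\System32\bcdedit.exe",
     "ParentImage": r"C:\Users\Public\payload.exe",
     "CommandLine": "bcdedit /set {default} recoveryenabled No"},
    {"ProcessId": 6, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\Desktop\notes.txt"},  # benign
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_RECORDS):
        print(hit)
```

Running the block reports processes 2 through 5 and ignores the benign `vssadmin list shadows` and Notepad launches. In practice the parent image is the more useful pivot: a shadow-copy deletion spawned by a binary in a user-writable directory, as in the constructed records, warrants an immediate host isolation rather than a ticket.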
Opting Out of a Costly Climbing Expedition

While it's running, the 'everest@airmail.cc' Ransomware is equally capable of locking files on network-accessible drives and on local ones, similarly to RaaS families like the Globe Ransomware, the Scarab Ransomware, or the Dharma Ransomware. Users who notice the 'everest@airmail.cc' Ransomware in the act should disable network connections and avoid sharing removable devices until they can disinfect the PC. However, like its family members such as the notopen@cock.li Ransomware, the '.divine File Extension' Ransomware, the Hyena Locker Ransomware or the Evil Locker Ransomware, the 'everest@airmail.cc' Ransomware most likely attacks PCs that are already under the control of a threat actor with a backdoor into the server.

Avoiding non-secure login credentials will prevent many brute-force attacks against targeted servers, such as those of small to mid-size businesses with both valuable media and the financial resources for paying ransoms. Users also may want to scrutinize new e-mail messages with care, given the high correlation between opening spam e-mail attachments, including ones with customized disguises like company-specific invoices, and file-locker Trojan infections. Anti-malware programs may delete the 'everest@airmail.cc' Ransomware safely but don't have decryption capabilities.
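The brute-force vector discussed above leaves a distinctive trace in the Windows Security log: a burst of failed logons (Event ID 4625) from one source address against RemoteInteractive sessions (LogonType 10), sometimes followed by a successful logon (Event ID 4624) from the same address once a password is guessed. The detector below is an added example, not part of the original write-up. The events are constructed stand-ins for those log entries (using documentation IP ranges), and the failure threshold and window length are assumptions to tune per environment:

```python
"""Sliding-window detector for RDP password guessing over Windows logon events.
Added example, not from the original write-up. Events are constructed stand-ins
for Security log entries: 4625 = failed logon, 4624 = successful logon,
LogonType 10 = RemoteInteractive (RDP)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5             # assumption: failures per window that count as guessing
WINDOW = timedelta(minutes=2)  # assumption: sliding window length
RDP_LOGON_TYPE = 10

# Constructed sample events (documentation IP ranges, not real hosts).
SAMPLE_EVENTS = [
    {"time": "2018-10-29T10:00:00", "event_id": 4625, "ip": "203.0.113.7", "user": "Administrator", "logon_type": 10},
    {"time": "2018-10-29T10:30:00", "event_id": 4625, "ip": "198.51.100.20", "user": "jsmith", "logon_type": 10},
    {"time": "2018-10-29T10:30:05", "event_id": 4625, "ip": "203.0.113.7", "user": "Administrator", "logon_type": 10},
    {"time": "2018-10-29T10:30:11", "event_id": 4625, "ip": "203.0.113.7", "user": "admin", "logon_type": 10},
    {"time": "2018-10-29T10:30:17", "event_id": 4625, "ip": "203.0.113.7", "user": "administrator", "logon_type": 10},
    {"time": "2018-10-29T10:30:20", "event_id": 4625, "ip": "203.0.113.7", "user": "backup", "logon_type": 3},
    {"time": "2018-10-29T10:30:23", "event_id": 4625, "ip": "203.0.113.7", "user": "sql", "logon_type": 10},
    {"time": "2018-10-29T10:30:29", "event_id": 4625, "ip": "203.0.113.7", "user": "Administrator", "logon_type": 10},
    {"time": "2018-10-29T10:30:35", "event_id": 4625, "ip": "203.0.113.7", "user": "Administrator", "logon_type": 10},
    {"time": "2018-10-29T10:30:44", "event_id": 4624, "ip": "203.0.113.7", "user": "Administrator", "logon_type": 10},
    {"time": "2018-10-29T10:31:02", "event_id": 4625, "ip": "198.51.100.20", "user": "jsmith", "logon_type": 10},
    {"time": "2018-10-29T10:31:30", "event_id": 4624, "ip": "198.51.100.20", "user": "jsmith", "logon_type": 10},
]


def detect(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return alerts for source IPs with >= threshold RDP failures inside the
    window, plus any later successful RDP logon from an IP already flagged."""
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    flagged = set()
    alerts = []
    for e in ordered:
        if e["logon_type"] != RDP_LOGON_TYPE:
            continue  # SMB, service and other logon types are out of scope here
        t = datetime.fromisoformat(e["time"])
        q = recent[e["ip"]]
        while q and t - q[0] > window:
            q.popleft()  # drop failures that have aged out of the window
        if e["event_id"] == 4625:
            q.append(t)
            if len(q) >= threshold and e["ip"] not in flagged:
                flagged.add(e["ip"])
                alerts.append({"kind": "brute_force", "ip": e["ip"], "attempts": len(q),
                               "first": q[0].isoformat(), "last": t.isoformat()})
        elif e["event_id"] == 4624 and e["ip"] in flagged:
            alerts.append({"kind": "success_after_brute_force", "ip": e["ip"],
                           "user": e["user"], "at": t.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

On the sample, 203.0.113.7 is flagged at its fifth in-window failure (the 10:00 failure has aged out, and the LogonType 3 attempt is ignored), and its later successful logon as Administrator produces a second, higher-priority alert, since a success following a guessing burst is the point at which the host should be treated as compromised rather than merely probed. The two failures from 198.51.100.20 stay below the threshold.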

The 'everest@airmail.cc' Ransomware has only minor changes to its ransom details but is otherwise typical of its family. Its countermeasures are equally conventional, and any user who remembers the basics of network security and backing up their media shouldn't find themselves needing to pay a ransom.
