
'.excuses File Extension' Ransomware

Posted: April 3, 2018

The '.excuses File Extension' Ransomware is a file-locking Trojan that uses encryption to keep documents and other media from opening. Any locked files include the '.excuses' extension. Malware experts advise disregarding all ransom demands that this Trojan delivers, using free data restoration options, when possible, and having a reputable anti-malware utility uninstall the '.excuses File Extension' Ransomware from your PC.

The Automatic Extortion Machine

The days of Russia's arguably greater protection from local file-ransoming campaigns are long over, and malware experts routinely find new evidence of that fact. The '.excuses File Extension' Ransomware is one of the latest threats in the file-locking Trojan classification; it specializes in extorting money from Russian speakers after infecting their PCs through unknown exploits. Unlike some systems that cybercrooks employ in similar campaigns, the '.excuses File Extension' Ransomware's ransoming mechanics benefit from the robustness of being automated.

The '.excuses File Extension' Ransomware uses an unknown encryption standard for locking different formats of files and may block media that includes documents, pictures, archives, databases, spreadsheets or slideshows. The '.excuses' tag it appends to each name helps the victim determine the extent of the data loss. The Trojan also generates a simple text file that delivers its ransoming instructions, which tell users to e-mail the threat actor's address with their IDs included in the subject line for automatic processing.
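Because the tag is appended to each name, the extent of the damage can be inventoried directly from the file system. The following Python sketch is an added example, not part of the original article or of any vendor tool; it assumes the tag follows the original extension (as in the constructed name `report.docx.excuses`), and its function names are hypothetical.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

TAG = ".excuses"  # the appended extension named in the article


def inventory_locked_files(root):
    """Summarise files under root whose names end with the appended tag."""
    by_type, by_dir = Counter(), Counter()
    total = size = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Case-insensitive match; skip a file that is only the tag itself.
            if not name.lower().endswith(TAG) or len(name) == len(TAG):
                continue
            original = name[: -len(TAG)]  # assumed: tag appended to full name
            by_type[Path(original).suffix.lower() or "(none)"] += 1
            by_dir[os.path.relpath(dirpath, root)] += 1
            total += 1
            try:
                size += os.path.getsize(os.path.join(dirpath, name))
            except OSError:
                pass  # file vanished or unreadable; it is still counted
    return {"total": total, "bytes": size,
            "by_type": dict(by_type), "by_dir": dict(by_dir)}


def demo():
    """Run the inventory over a constructed sample tree (not real victim data)."""
    sample = ["docs/report.docx.excuses", "docs/budget.xlsx.excuses",
              "docs/notes.txt", "pics/cat.JPG.EXCUSES", "pics/README.excuses"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"x" * 10)
        return inventory_locked_files(root)


if __name__ == "__main__":
    result = demo()
    print(f"{result['total']} locked files, {result['bytes']} bytes")
    for ext, n in sorted(result["by_type"].items()):
        print(f"  {ext}: {n}")
```

The per-directory and per-type counts can be compared against the most recent backup to decide what needs restoring.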

Despite its extension being in English, the '.excuses File Extension' Ransomware uses Cyrillic for its instructions and is targeting Russian speakers exclusively. Malware researchers have not identified the infection methods that the '.excuses File Extension' Ransomware campaign uses. Spam e-mails, RDP vulnerabilities, torrents, and brute-force attacks that compromise short, simple passwords have been notable factors in similar attacks. The decryption of any data that the '.excuses File Extension' Ransomware locks may or may not be practical, and users should back up their media instead of assuming that they can reverse any damage that this Trojan causes.

No Excuses for Paying Ransoms

Although malware experts aren't able to contact any victims for additional details on the negotiating process, the con artists usually demand a cryptocurrency or voucher-based ransom that prevents refunding. Paying doesn't always give the victim a decryption program, and users should consider doing so only after exhausting all other options.

Recurring tactics related to file-locking Trojans include fake package invoices, fraudulent Web-browsing content that encourages the victim to enable scripts that instigate drive-by-downloads, and mislabeled downloads on file-sharing networks. Anti-malware programs can provide some degree of protection from most, but not all, of the infection vectors that malware experts list as being notably high in traffic. These programs also should delete the '.excuses File Extension' Ransomware immediately and interrupt its payload, without letting it lock your files.

The unique flavor of Russian Trojans often results in idiosyncrasies in their development, but that makes a minimal difference with their payloads. Whether it operates in Russia, Brazil, or North America, the '.excuses File Extension' Ransomware is another case of why it's wise to back up anything that you're not comfortable with losing.
