
Ims00ry Ransomware

Posted: July 15, 2019

The Ims00ry Ransomware is a file-locking Trojan that blocks media on your computer with AES encryption. Other symptoms include a hijacked wallpaper and a matching text message. Users can protect themselves by backing up their work onto another device, or can use free decryption tools to undo the damage after deleting the Ims00ry Ransomware with a compatible anti-malware application.

A Trojan that's 'Sorry – Not Sorry'

A file-locking Trojan that resembles, but is distinct from, past threats like Hidden Tear is giving its victims surprisingly 'affordable' ransoms after attacking their work. While the Ims00ry Ransomware is one of the cheapest Trojans of its kind, it also harbors ill tidings for anyone who pays thoughtlessly, since its encryption strength isn't particularly laudable. Already, countermeasures by the PC security community have paid off and are providing routes towards free 'unlocking' solutions for anyone's files.

The Ims00ry Ransomware is a Windows program that encrypts media, such as documents, with AES-128. Somewhat disingenuously, it also adds markers with 'AES-256' strings inside these files, which is its means of identifying any blocked content for decrypting later. Malware researchers found no additional security measures, such as an RSA key, that would secure this attack from third-party intervention.

The Ims00ry Ransomware's 256 key-size references continue in its ransom notes, which consist of a background wallpaper and a Notepad TXT that share the same instructions. Both of them open with an apology, warn the user about unbreakable AES-256, RSA-4096 cryptography, and include directions for paying a Bitcoin wallet for the criminal's unlocking aid. The cost is no more than fifty USD in cryptocurrency, which increases the chances that a victim might pay before realizing the Trojan's bluff over its security.

Making Hackers Feel Truly Sorry for Their Crimes

The Ims00ry Ransomware includes many of the lesser-known features of Ransomware-as-a-Service families like the Scarab Ransomware. It wipes out Shadow Volume Copies, disables some security services, and deactivates system boot-related alerts. Together, these features make infections into potentially permanent data loss scenarios, unless the victim has a decryptor that's specific to the Ims00ry Ransomware.
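For defenders, the three behaviors above are more telling together than alone. The following is an added example, not code from this article or from any vendor: it flags hosts whose process-creation logs show at least two of them. The article does not say which commands the Ims00ry Ransomware runs, so the patterns, service names, host names and log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed examples of security-related Windows service names; extend as needed.
SVC = r"(WinDefend|wscsvc|MpsSvc)"

# Assumed patterns: standard Windows utilities that produce each effect the
# article lists. They are not taken from an analysis of this Trojan.
BEHAVIOURS = {
    "shadow_copy_wipe": re.compile(
        r"\bvssadmin(\.exe)?\s+delete\s+shadows|\bwmic(\.exe)?\s+shadowcopy\s+delete",
        re.I),
    "security_service_disabled": re.compile(
        r"\bsc(\.exe)?\s+config\s+" + SVC + r"\s+start=\s*disabled"
        r"|\bnet1?(\.exe)?\s+stop\s+" + SVC + r"\b", re.I),
    "boot_alerts_off": re.compile(
        r"\bbcdedit(\.exe)?\s+.*(bootstatuspolicy\s+ignoreallfailures"
        r"|recoveryenabled\s+no\b)", re.I),
}

# Constructed (host, command line) pairs standing in for process-creation logs.
EVENTS = [
    ("WS-014", "vssadmin.exe Delete Shadows /All /Quiet"),
    ("WS-014", "bcdedit /set {default} bootstatuspolicy ignoreallfailures"),
    ("WS-014", "sc config WinDefend start= disabled"),
    ("SRV-02", "vssadmin list shadows"),   # read-only query, benign
    ("SRV-02", "net stop Spooler"),        # not a security service
    ("WS-031", "wmic shadowcopy delete"),  # single behavior only
]

def triage(events):
    """Map each host to the set of behaviors matched in its command lines."""
    seen = defaultdict(set)
    for host, cmdline in events:
        for name, pattern in BEHAVIOURS.items():
            if pattern.search(cmdline):
                seen[host].add(name)
    return dict(seen)

def flag_hosts(events, min_behaviours=2):
    """Hosts showing several behaviors together; one alone is often routine."""
    hits = triage(events)
    return sorted(h for h, b in hits.items() if len(b) >= min_behaviours)

if __name__ == "__main__":
    for host in flag_hosts(EVENTS):
        print(host, sorted(triage(EVENTS)[host]))
```

A single match, such as an administrator deleting old shadow copies, is common in normal operations, which is why the threshold defaults to two behaviors on the same host.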

However, thanks to its insufficient internal security, the Ims00ry Ransomware's encryption is breakable by third-party tools. Users can download appropriate freeware from reputable AV vendors and recover their files with direct decryption. Since this solution is less likely with most file-locker Trojans, malware experts caution users against ignoring backup maintenance, since backups can be the only resource left between victims and an unlucrative extortion situation.

Update your anti-malware services and use them to scan downloads before opening them, which reduces the chance of infection. Most AV vendors' products should delete the Ims00ry Ransomware heuristically and will identify it under generic entries.

The Ims00ry Ransomware isn't sorry for what it's done, but it can make users who pay without pondering instantly remorseful. Always check for preexisting solutions before taking the most drastic path that's available to get your files back in your hands.
