
‘.invaded File Extension’ Ransomware

Posted: August 1, 2018

The '.invaded File Extension' Ransomware is a new build of the Jigsaw Ransomware, the file-locker Trojan that also displays pop-ups and periodically deletes some of the media it encrypts. All of these features are functional in this variant, so victims should respond quickly and follow this article's additional recommendations for preventing further loss of data. As always, one should ignore any ransom demands and trust a high-quality anti-malware product for uninstalling the '.invaded File Extension' Ransomware.

An Invasion in Search of Bitcoin Plunder

The Trojan that earned its infamy by both locking and erasing media is coming back for a new campaign, thanks to an unknown threat actor. This version of the Jigsaw Ransomware, the '.invaded File Extension' Ransomware, may or may not be in deployment yet, since its executable isn't using a filename that would conceal its presence or trick the victim into opening it. However, since nearly all of the '.invaded File Extension' Ransomware's code is prefabricated, any victims should presume that it's a viable danger to any files that aren't backed up.

The '.invaded File Extension' Ransomware targets English speakers and uses encryption to block files such as documents, pictures, or any other formats that the threat actor specifies. The extension in its name is a new tag for this threat and gives victims an immediate way of finding out which content is encrypted. The Trojan withholds its other symptoms until the end of its payload, which includes displaying pop-up ransom warnings with a Hitler-themed image.

The Jigsaw Ransomware variants, like the majority of file-locker Trojans that malware experts examine, typically ask for Bitcoin ransoms. The '.invaded File Extension' Ransomware also includes one of the most important features of this family, shared with the '.black007 File Extension' Ransomware, the Pennywise Ransomware, the Ramsey Ransomware and the Monument Ransomware: it permanently deletes files. This attack operates on an hour-long timer but also occurs when the program launches, which it does whenever the computer restarts.

Putting the Puzzle of Data Security Back Together

The Jigsaw Ransomware represents a particular danger to any locally-saved media, such as workplace documents, because it has multiple ways of causing damage beyond a simple encryption routine. Any PC users with a possible infection should avoid rebooting their machines without using alternate startup methods, such as USB drives, that bypass the Registry exploits that launch the Trojan. Doing so promptly can disable the '.invaded File Extension' Ransomware before it deletes any other files, after which the user could recover any 'locked' content with the public, free decryption application.
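Once the affected volume is reachable from alternate boot media, the extension tag makes it possible to inventory the locked content before attempting recovery. The following is an added triage example, not code from this article or from any decryption tool; it assumes the tag is appended after the original filename (for example `report.docx.invaded`) and treats file modification times only as a rough indicator of when encryption ran. The directory tree in `demo()` is constructed sample data.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

TAG = ".invaded"  # extension named in this article


def inventory(root):
    """Read-only walk of root that summarises files carrying the TAG suffix.

    Assumption: the tag follows the original name, so the suffix just
    before it hints at the original file type.
    """
    hits, by_type = [], Counter()
    first = last = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(TAG):
                continue
            path = Path(dirpath) / name
            original = name[: -len(TAG)]
            by_type[Path(original).suffix.lower() or "(none)"] += 1
            hits.append(str(path))
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # unreadable entry: counted, but no timestamp
            first = mtime if first is None else min(first, mtime)
            last = mtime if last is None else max(last, mtime)
    return {"files": sorted(hits), "by_type": dict(by_type),
            "first_mtime": first, "last_mtime": last}


def demo():
    """Run the inventory over a constructed directory tree."""
    names = ["report.docx.invaded", "photo.JPG.invaded",
             "notes.docx.INVADED", "untouched.docx"]
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "Users" / "sample" / "Documents"
        docs.mkdir(parents=True)
        for i, name in enumerate(names):
            f = docs / name
            f.write_bytes(b"constructed sample")
            os.utime(f, (1533100000 + i * 60, 1533100000 + i * 60))
        return inventory(tmp)


if __name__ == "__main__":
    print(demo())
```

Point `inventory()` at the mount point of the affected volume, ideally mounted read-only, and keep the resulting list to check against what the decryption application restores.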

Since threat actors favor e-mail for spreading new file-locker Trojan infections, the '.invaded File Extension' Ransomware could install itself after the victim opens a malicious document, particularly when enabling macros. Associated Trojan droppers also may use misleading format names or icons, and, in some cases, brute-force attacks can give criminals a backdoor into your PC. Use an appropriate, Windows-compatible anti-malware product for deleting the '.invaded File Extension' Ransomware, preferably after disabling it, as noted above.

The attacks of the '.invaded File Extension' Ransomware's family add both time limits and increased stakes to what could be a simple mistake of opening an inappropriate e-mail attachment. Whether the '.invaded File Extension' Ransomware is a political message or a meme, it also shows how PC users need to stop tempting criminals by being willing to pay for covering up their mistakes.
