'.Merry File Extension' Ransomware

'.Merry File Extension' Ransomware Description

The '.Merry File Extension' Ransomware is an update of the 'Merry X-Mas!' Ransomware, a Trojan that locks your files with encryption and promotes a fake Comodo service for recovering them. Paying ransoms to this Trojan's administrators may or may not help you restore your content, and malware experts recommend making regular backups to make the risk non-essential. Anti-malware products previously working against old versions of this Trojan should detect and delete the '.Merry File Extension' Ransomware.

A Belated Seasonal Greeting

The same threat actors responsible for leveraging the 'Merry X-Mas!' Ransomware around Christmas, now, are responding to counter-developments in the cyber security community with an update to their Trojan. The new version, the '.Merry File Extension' Ransomware, may be out of season but is in live deployment as of late January. Its attacks still include locking your files for ransom, as well as additional updates to protect them from old decryption methods that negated needing to pay.

Installation exploits for the '.Merry File Extension' Ransomware emphasize the abuse of e-mail messages bearing attached documents in ZIP archives. The disguised documents, when opened, trigger an exploit for installing and running the Trojan automatically, after which the '.Merry File Extension' Ransomware conducts its payload of data encryption.

The '.Merry File Extension' Ransomware encrypts any files on the PC within its predesignated formats and locations and also adds a new '.Merry' extension to their names. The new file it drops on the compromised system also delivers the same ransoming message that's in use by the 'Merry X-Mas!' Ransomware. The most notable element of the text is its claim of being a data recovery service on offer by Comodo, a real anti-virus company. However, con artists are the actual recipients of any cash transactions and may not reward you with a decryptor that unlocks your data.

Canceling a Late Christmas on Your Computer

In the recent past, the cyber security industry has managed to decode content that the '.Merry File Extension' Ransomware's predecessor blocks, afterward making the decryption application free for download. The '.Merry File Extension' Ransomware's threat actors now are using a different encryption method, but the chances are high that this algorithm, too, is susceptible to cracking by appropriate researchers. For other cases, when decryption is impractical, malware experts highly encourage keeping backups that you update appropriately, which makes any warnings by Trojans of this category relatively trivial.

The '.Merry File Extension' Ransomware also includes several cautionary lines in its ransoming process that it intends to force victims into paying in as short a time frame as possible. Countdown timers for erasing your files may or may not follow up with any real file-deleting functions, and recommendations against using appropriate security software or recovery strategies almost always are bluffs. Anti-malware tools that scan known infection vectors should catch and delete the '.Merry File Extension' Ransomware while also stopping the Trojan from locking anything on your hard drive.

Threat campaigns like the '.Merry File Extension' Ransomware's attacks update themselves just as often as any law-abiding software projects. Computer users who have any files worth keeping should invest in the simple solution of updating their anti-virus and backup solutions to keep up with these trends.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to '.Merry File Extension' Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: January 27, 2017
Threat Metric
Threat Level: 8/10
Infected PCs 417
Home Malware Programs Ransomware '.Merry File Extension' Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.