'rescuers@india.com' Ransomware

Posted: December 20, 2016

Threat Metric

Threat Level: 8/10
Infected PCs: 56
First Seen: December 20, 2016
Last Seen: June 16, 2022
OS(es) Affected: Windows

The 'rescuers@india.com' Ransomware is an updated version of the Globe Ransomware, which blocks your files by encrypting them and ransoms them back to you for Bitcoin payments. Malware analysts see few changes between this threat and previous versions of the Globe Ransomware, although the 'rescuers@india.com' Ransomware does use a modified pop-up message. As usual, backing up all important information and having anti-malware protection for deleting the 'rescuers@india.com' Ransomware before it finishes installing itself are your mainstay defenses.

The Trojan Busily Rescuing Files from Their Owners

As holiday traffic intensifies, con artists continue to adhere to previously proven strategies for generating profit with a minimum of effort, using rented and cloned versions of past threats, including the file-encrypting ones. For the latter, malware experts recently confirmed a new variant of the Globe Ransomware family, the 'rescuers@india.com' Ransomware. Evidence for its campaign, which uses unverifiable installation exploits, dates back to November.

The 'rescuers@india.com' Ransomware's primary attack of choice still uses Blowfish-based encryption for blocking files like documents and pictures. The threat also may provide assistance with identifying the damaged files by adding a personal extension. Like the rest of its family, the 'rescuers@india.com' Ransomware also bears a highly distinguishing feature in the form of its semi-intricate ransom messaging via advanced HTML.

The pop-up that the 'rescuers@india.com' Ransomware displays after it locks your content includes an ID number and instructions on how to pay a Bitcoin-based ransom. Although threat actors always claim to restore your files after receiving their money, malware experts often see them failing to act after profiting. The insistence on Bitcoin serves the double purpose of protecting the con artist's identity and stopping you from recovering your money via chargebacks afterward.

A Rescue That Won't Cost You Anything

The payloads the 'rescuers@india.com' Ransomware implements aren't exceptionally creative and, for the most part, cause localized damage to data similar to that of other versions of the Globe Ransomware. Since the Trojan may target your default system restore data for erasure, keeping backups elsewhere, such as on USB devices, may be crucial for rolling back any encryption damage. There are heuristic tools for decrypting members of the 'rescuers@india.com' Ransomware's family, although such new variants may require updates to these countermeasures.

Trojans like the 'rescuers@india.com' Ransomware often benefit from poor e-mail-checking habits, with PC users opening corrupted attachments disguising themselves as something else, such as FedEx notifications. In other campaigns, con artists may target a business entity's servers and crack their login passwords. Sophisticated password rotations and cautious behavior on the Web should block most means of the 'rescuers@india.com' Ransomware's installation.

Although this Trojan's pop-up is all but unmissable, the symptom appears after the attack damages your files. Removing the 'rescuers@india.com' Ransomware before it has the chance to cause any harm may require preventative security steps and anti-malware software, but is, ultimately, far less expensive than paying most ransoms.