
'savefiles@india.com' Ransomware

Posted: September 7, 2018

The 'savefiles@india.com' Ransomware is a file-encryption Trojan that was first spotted by freelance malware researchers. Testing of its file-locking capability showed that the project is likely still in development, because it is unable to harm the files on the victim's machine, which renders the threat completely useless for now. Ransomware authors usually rely on complicated file-encryption algorithms to ensure that their victims will not be able to access their files. They make money by promising to provide the victim with decryption software in exchange for a payment; usually, the ransom is paid in a cryptocurrency (such as Bitcoin) to preserve the attacker's anonymity.

While the 'savefiles@india.com' Ransomware does not encrypt any files, its authors have not forgotten to include a ransom message, which tells the victim that their important documents, databases, photos, and other files have been encrypted securely. It goes on to say that the only recovery option is a $500 ransom payment made via a Bitcoin transaction. The note states that the price is $500 for 72 hours, but it does not say what happens after the deadline passes; typically, attackers either raise the ransom or delete the private decryption key once the deadline has elapsed.

The last lines of the ransom note (saved as '!!!SAVE_FILES_INFO!!!.txt') contain the victim's unique ID, followed by two addresses that can be used to contact the cybercriminals behind the 'savefiles@india.com' Ransomware: savefiles@india.com and BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch.
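Because this variant encrypts nothing, the ransom note itself is the most useful artifact for triage: finding it on a machine confirms the infection, and its contents yield the victim ID and contact addresses to record. The following Python script is an added example and not part of the original write-up; it walks a directory tree for the note filename given above and pulls the contact addresses and ID out of any copy it finds. The note text in `SAMPLE_NOTE` is constructed for the demonstration (its wording and the ID value are invented); the filename and the two contact addresses are the ones reported above.

```python
import os
import re
import tempfile
from pathlib import Path

# Ransom note filename reported for this family (from the write-up above).
RANSOM_NOTE_NAMES = {"!!!SAVE_FILES_INFO!!!.txt"}

# Contact addresses reported for this family; a match confirms the attribution.
KNOWN_CONTACTS = {
    "savefiles@india.com",
    "BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch",
}

# Generic e-mail pattern; Bitmessage addresses (BM-...@bitmessage.ch) match it too.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Lines such as "Your unique ID: <value>" (the label wording is an assumption).
ID_RE = re.compile(r"(?im)^\s*(?:your\s+)?(?:unique\s+)?id\s*[:=]\s*(\S+)")

# Constructed sample note for the demo; not a real capture of this family's note.
SAMPLE_NOTE = """All your important files (documents, databases, photos) have been encrypted.
The price is $500 in Bitcoin for 72 hours.
Your unique ID: 7A3F-CONSTRUCTED
Contact: savefiles@india.com
Reserve: BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch
"""


def extract_indicators(note_text):
    """Return the contact addresses and victim ID found in ransom note text."""
    contacts = set(EMAIL_RE.findall(note_text))
    match = ID_RE.search(note_text)
    return {
        "contacts": sorted(contacts),
        "known_contacts": sorted(contacts & KNOWN_CONTACTS),
        "victim_id": match.group(1) if match else None,
    }


def find_ransom_notes(root):
    """Walk `root` and return (path, indicators) for every ransom note found."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name not in RANSOM_NOTE_NAMES:
                continue
            path = Path(dirpath) / name
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            hits.append((str(path), extract_indicators(text)))
    return hits


def demo():
    """Plant the constructed note in a temporary tree and sweep it."""
    with tempfile.TemporaryDirectory() as tmp:
        victim_docs = Path(tmp) / "Users" / "victim" / "Documents"
        victim_docs.mkdir(parents=True)
        (victim_docs / "!!!SAVE_FILES_INFO!!!.txt").write_text(SAMPLE_NOTE)
        (victim_docs / "report.docx").write_text("unrelated file")
        return find_ransom_notes(tmp)


if __name__ == "__main__":
    for path, indicators in demo():
        print(path)
        print("  victim ID:", indicators["victim_id"])
        print("  contacts:", ", ".join(indicators["contacts"]))
        print("  known contacts:", ", ".join(indicators["known_contacts"]))
```

In an incident, point `find_ransom_notes` at the affected user profiles or a mounted disk image; a hit with entries in `known_contacts` ties the note to this family, while a hit with other addresses suggests a different variant.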

While the current variant of the 'savefiles@india.com' Ransomware is unlikely to end up on your computer, it is entirely possible that its authors will start distributing it once it is complete. The best way to avoid threats like the 'savefiles@india.com' Ransomware is to learn about the primary techniques used to spread file-encryption Trojans: spam emails, and direct attacks on unsecured remote desktop software (TeamViewer, WinVNC, etc.). Spam campaigns usually rely on fraudulent messages carrying a corrupted attachment, often an archive or a document that executes unsafe macro scripts when opened. We advise you to be extra careful when viewing messages from unknown senders, especially if they seem unexpected and contain a file attachment. As for RDP (Remote Desktop Protocol), we advise you to update your remote administration software to its latest version and to make sure that the connection is protected by a strong password that only you know.

Naturally, the last and most important security measure is to use a trustworthy, up-to-date anti-malware utility, since it can detect and terminate potentially unsafe files and connections immediately.
