
Ssimpotashka@gmail.com Ransomware

Posted: June 29, 2018

The Ssimpotashka@gmail.com Ransomware is a file-locking Trojan that can encrypt text documents, images, and other media formats to prevent the user from opening them. As a member of the Scarab Ransomware family, the Ssimpotashka@gmail.com Ransomware may be compatible with freeware decryption solutions, although malware researchers recommend backing up your files as a more comprehensive data recovery method. Let your anti-malware products uninstall the Ssimpotashka@gmail.com Ransomware, or remove the threat before it attacks.

A New Amnesia Ransomware Makes you Pay for Forgetting Your Backups

Threat actors continue to maintain active distribution channels for file-locking threats from the Russo-English Scarab Ransomware family, whose hallmarks include Remote Desktop-based infection techniques, AES encryption and the scrambling of filenames. The latest English-specific variant that malware researchers have confirmed is the Ssimpotashka@gmail.com Ransomware, which drops a payload identical to past versions but with a new e-mail address. Free decryption, while not theoretically impossible, has yet to be confirmed as working through publicly available software.

Infection strategies for the Ssimpotashka@gmail.com Ransomware may include spam e-mails, exploit kits or torrents, but, statistically, the family most likely specializes in RDP brute-force attacks. These techniques compromise vulnerable server PCs by breaking their passwords and giving a remote attacker direct control over them for installing arbitrary programs. The Ssimpotashka@gmail.com Ransomware, as a member of the Amnesia Ransomware fork of its family, uses an AES-based encryption routine similar to that of the Scarab-Walker Ransomware or the Scarab-Osk Ransomware.

While it locks Word or PDF documents, pictures, and other media formats, the Ssimpotashka@gmail.com Ransomware also overwrites the filenames with Base64-like random strings of characters. Users can tell the encrypted files apart from temporary or junk data by searching for the extension it also appends, which is the e-mail address in its name. Since this family habitually erases the Windows operating system's restore points, the Shadow Volume Copies can't recover these files, which is why malware researchers advise storing your backups elsewhere.
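The renaming behaviour described above gives a responder a cheap way to inventory the damage on a compromised host. The following Python triage script is an added example written for this page, not code from the article or from any security vendor: it walks a directory tree, separates files carrying the variant's e-mail-address extension from untouched ones, and flags whether each base name looks like the scrambled Base64-style string the article describes. The extension is taken from the article; the exact character alphabet of the scrambled names is not stated there, so the regex below is an assumption, and the sample files are constructed in a temporary directory purely for demonstration.

```python
import os
import re
import tempfile
from pathlib import Path

# Extension the article says this variant appends: its own contact e-mail address.
SCARAB_EXT = ".ssimpotashka@gmail.com"

# Assumption: scrambled base names are a Base64-like run of letters, digits and
# the padding/URL-safe symbols. '/' is omitted because it cannot appear in a
# filename. The real alphabet is not documented on the page.
SCRAMBLED_NAME = re.compile(r"^[A-Za-z0-9+=_-]{8,}$")


def has_scarab_extension(path: Path) -> bool:
    """True when the file name ends with the variant's appended extension (case-insensitive)."""
    return path.name.lower().endswith(SCARAB_EXT)


def looks_scrambled(path: Path) -> bool:
    """True when the part before the appended extension matches the Base64-like pattern."""
    if not has_scarab_extension(path):
        return False
    base = path.name[: -len(SCARAB_EXT)]
    return bool(SCRAMBLED_NAME.match(base))


def scan_tree(root) -> dict:
    """Walk `root` and sort files into encrypted (by extension) and untouched.

    Returns {"encrypted": {relative_path: scrambled_flag}, "untouched": [relative_path, ...]}
    so a responder can both count victims and spot names that were renamed but
    do not fit the expected pattern (worth a second look).
    """
    root = Path(root)
    encrypted, untouched = {}, []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if has_scarab_extension(p):
                encrypted[rel] = looks_scrambled(p)
            else:
                untouched.append(rel)
    return {"encrypted": dict(sorted(encrypted.items())), "untouched": sorted(untouched)}


def build_sample_tree() -> Path:
    """Constructed sample: a temp directory with renamed 'locked' files and normal ones."""
    root = Path(tempfile.mkdtemp(prefix="scarab_demo_"))
    (root / "docs").mkdir()
    sample_names = [
        "Q2hhcnQueGxzeA==.ssimpotashka@gmail.com",          # scrambled name + extension
        "docs/UmVwb3J0LmRvY3g=.Ssimpotashka@gmail.com",     # same, mixed-case extension
        "docs/report.docx",                                 # untouched document
        "notes.txt",                                        # untouched document
    ]
    for name in sample_names:
        (root / name).write_bytes(b"constructed sample content")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for rel, scrambled in scan_tree(demo_root)["encrypted"].items():
        print(f"encrypted: {rel}  scrambled-name={scrambled}")
```

Run it against a copy of the affected share, never the live volume, and keep the output as part of the incident record; the list of untouched files is what tells you how far the encryption run got before it was stopped.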

Remembering the Easiest Ways of Countering a Forgetful Trojan

The Ssimpotashka@gmail.com Ransomware's family, while careful to neutralize local backups, has no noteworthy features for deleting non-local ones, such as those the user might store on peripheral devices or a cloud service. Potential victims of these attacks, such as server administrators, can also monitor their RDP settings and use unique, strong passwords to keep criminals from gaining unwarranted access to their systems. Most file-locker Trojan campaigns that don't employ brute-force attacks take advantage of their victims' risky Web-browsing habits, such as opening spam e-mail attachments.

Another characteristic of the Ssimpotashka@gmail.com Ransomware's family is its ransom notes, delivered as Notepad text files. This Trojan uses a copy of previous notes with nothing changed but the e-mail address for contacting its threat actor. Malware experts strongly advise against paying the ransom, which almost always uses currencies that disallow refunds. Free decryption software may be capable of 'unlocking' the associated files, and, in the meantime, most anti-malware tools can delete the Ssimpotashka@gmail.com Ransomware automatically.

Although the Ssimpotashka@gmail.com Ransomware is a direct clone of the previous Trojans in its family tree, it is an equally capable danger to documents and other digital media. The popularity of these threats among criminals makes it increasingly questionable why anyone would keep files worth any amount of money without also protecting them from simple encryption attacks.
