
'+superuser111@0nl1ne.at File Extension' Ransomware

Posted: July 6, 2018

The '+superuser111@0nl1ne.at File Extension' Ransomware is a file-locking Trojan that keeps a broad range of media formats from opening by encrypting each file with a Blowfish cipher. Since a free decryption solution for this Trojan is not yet available, users should back their files up to other devices for the long-term security of their work. PCs with a dedicated anti-malware program should, in most cases, remove the '+superuser111@0nl1ne.at File Extension' Ransomware before its payload can lock or delete any of your files.

The Result of a Careless Download that's not So Super

Belarusians are the subject of a file-locking Trojan's campaign that derives much of its code from previous, similar threats. The '+superuser111@0nl1ne.at File Extension' Ransomware conducts its extortion communications in both English and Russian and includes additional support features that malware experts don't often see. The '+superuser111@0nl1ne.at File Extension' Ransomware also uses an updated algorithm for keeping the files of infected PCs locked without leaving itself vulnerable to freeware decryption countermeasures.

The '+superuser111@0nl1ne.at File Extension' Ransomware is one of the few file-locking Trojans that uses Blowfish, instead of AES, XOR, or RSA, for locking files. Malware researchers are also finding atypical filtering options in its attacks, which exclude Notepad files, MP3s, AVI movies, and several directories (such as Windows, Users, and Program Files). Any media that doesn't fall under these exclusions undergoes the Blowfish encryption process with a secret key that the '+superuser111@0nl1ne.at File Extension' Ransomware uploads to a remote server.

Like the separate GandCrab3 Ransomware and the Scarab-Danger Ransomware, the '+superuser111@0nl1ne.at File Extension' Ransomware also provides ransoming instructions that promote Jabber as one of its options for negotiating a ransom payment. Malware analysts have yet to confirm the cost of this threat's decryptor, but victims considering paying should always remember that criminals may accept the money without giving anything back to them. Although some file-locking Trojans with very similar payloads are decryptable free of charge, there is no similar, public solution for the '+superuser111@0nl1ne.at File Extension' Ransomware.

The Risks of Taking Your Backups for Granted

Backups are always the most dependable way to undo file loss from threats in the '+superuser111@0nl1ne.at File Extension' Ransomware's category. However, not all backups are equally effective against file-locking Trojans, and many, including the '+superuser111@0nl1ne.at File Extension' Ransomware, conduct additional, data-deleting attacks against local ones. This Trojan erases BAK and TIB files (the formats associated with generic and Acronis-brand backups) while it locks the rest of the hard drive's contents. The recommended storage solutions for countering '+superuser111@0nl1ne.at File Extension' Ransomware infections include network-based cloud services, USBs, DVDs, and other removable devices.
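The combination described above, backup files being erased while other files are rewritten, can serve as a behavioral detection signal. The following Python sketch is an added example, not part of the original article: it scans file-activity events and flags processes that do both within a short window. The event tuple layout, the sample events, and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

BACKUP_EXTS = {".bak", ".tib"}  # formats the article says the Trojan erases

# Constructed sample events: (epoch_seconds, pid, operation, path)
SAMPLE_EVENTS = [
    (100, 4120, "delete", r"D:\Backups\finance.bak"),
    (101, 4120, "write", r"D:\Docs\report.docx"),
    (102, 4120, "delete", r"D:\Backups\full_2018_07.tib"),
    (103, 4120, "write", r"D:\Docs\budget.xlsx"),
    (104, 4120, "write", r"D:\Photos\img001.jpg"),
    (105, 4120, "write", r"D:\Photos\img002.jpg"),
    (106, 4120, "write", r"D:\Docs\notes.pdf"),
    (200, 988, "delete", r"E:\sql\old.bak"),   # lone cleanup, no mass writes
    (300, 2304, "write", r"C:\work\a.docx"),   # ordinary editing
    (900, 2304, "write", r"C:\work\b.docx"),
]

def classify(op, path):
    """Map an event to 'bdel' (backup deleted), 'write' (other file) or None."""
    backup = PureWindowsPath(path).suffix.lower() in BACKUP_EXTS
    if op == "delete" and backup:
        return "bdel"
    if op == "write" and not backup:
        return "write"
    return None

def flag_backup_wipers(events, window=60, min_deletes=2, min_writes=5):
    """Return PIDs that, within one `window`-second span, delete at least
    `min_deletes` backup files and write at least `min_writes` other files.
    The thresholds are illustrative assumptions, not values from the article."""
    by_pid = defaultdict(list)
    for ts, pid, op, path in sorted(events):
        by_pid[pid].append((ts, classify(op, path)))
    flagged = set()
    for pid, evs in by_pid.items():
        counts = {"bdel": 0, "write": 0, None: 0}
        start = 0
        for ts, kind in evs:
            counts[kind] += 1
            while evs[start][0] < ts - window:  # drop events older than window
                counts[evs[start][1]] -= 1
                start += 1
            if counts["bdel"] >= min_deletes and counts["write"] >= min_writes:
                flagged.add(pid)
                break
    return flagged
```
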

Spam e-mails and the attachments they trick victims into opening are responsible for many file-locking Trojans' campaigns. Malware experts also rate poor network security as a probable cause of infections, especially with threat actors targeting various business networks. Update your anti-malware products and keep them active so that they can delete the '+superuser111@0nl1ne.at File Extension' Ransomware before its encryption feature can become a concern.

For now, most reports of the '+superuser111@0nl1ne.at File Extension' Ransomware attacks are arriving from residents of Belarus. That statistic is subject to change in the future, however, and most file-locking Trojans don't filter their targets particularly strictly.
