
'suppfirecrypt@qq.com' Ransomware

Posted: November 19, 2018

The 'suppfirecrypt@qq.com' Ransomware is a variant of the Dharma Ransomware, a series of file-locker Trojans that use custom e-mails and extensions for separate infections. An attack by the 'suppfirecrypt@qq.com' Ransomware can block your files by encrypting them, wipe some forms of backup data, and demand ransom money through text and pop-up warnings. Use anti-malware products to stop an installation exploit or remove the 'suppfirecrypt@qq.com' Ransomware, and keep remote backups for restoring your work.

The Latest Burn from Ransomware-as-a-Service

The Dharma Ransomware, a prominent sub-branch of the Crysis Ransomware family, is showing off another variant, which malware experts estimate is already in the wild. The attacks by the 'suppfirecrypt@qq.com' Ransomware are broadly similar to those of its close and distant relatives, ranging from this year's 'blacklist@clock.li' Ransomware and the 'help@decrypt-files.info' Ransomware to 2016's 'Lavandos@dr.com' Ransomware or the 'amagnus@india.com' Ransomware. Victims can expect most of their media files to be at risk.

The file-locking feature that forms the core of the 'suppfirecrypt@qq.com' Ransomware's payload can lock documents, audio, pictures, databases, compressed archives, spreadsheets, slideshows, and other content types with both AES and RSA encryption algorithms. The major differences between the 'suppfirecrypt@qq.com' Ransomware and any older variant are cosmetic: it adds a different extension to the locked files' names (in this case, '.fire') and promotes different e-mail addresses in its ransom notes. It also inserts an ID number that's specific to individual infections.
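The renaming described above gives responders a quick way to scope an infection from a file listing. The following Python sketch is an added example, not code from the original page or from any vendor; it assumes the naming layout commonly seen in Dharma infections (`<original name>.id-<8 hex characters>.[<e-mail>].fire`), which the page does not spell out, and it runs on a constructed sample listing.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed layout (common Dharma convention, not stated on the page):
#   <original name>.id-<8 hex chars>.[<contact e-mail>].fire
LOCKED = re.compile(
    r"^(?P<orig>.+)\.id-(?P<vid>[0-9A-F]{8})"
    r"\.\[(?P<mail>[^\]\s]+@[^\]\s]+)\]\.fire$",
    re.IGNORECASE,
)

def parse_locked_name(path):
    """Return (original_path, infection_id, email), or None if no match."""
    p = PureWindowsPath(path)
    m = LOCKED.match(p.name)
    if not m:
        return None
    original = str(p.with_name(m.group("orig")))
    return original, m.group("vid").upper(), m.group("mail").lower()

def triage(paths):
    """Group locked files by (infection ID, e-mail); list bare '.fire' files."""
    by_id = defaultdict(list)
    review = []
    for path in paths:
        hit = parse_locked_name(path)
        if hit:
            original, vid, mail = hit
            by_id[(vid, mail)].append(original)
        elif PureWindowsPath(path).suffix.lower() == ".fire":
            review.append(path)  # extension only: may be unrelated software
    return dict(by_id), review

# Constructed sample listing (IDs and paths are made up for illustration).
SAMPLE = [
    r"C:\Users\ana\Documents\budget.xlsx.id-1A2B3C4D.[suppfirecrypt@qq.com].fire",
    r"C:\Users\ana\Pictures\site.v2.png.id-1A2B3C4D.[suppfirecrypt@qq.com].fire",
    r"D:\share\db\orders.bak.id-9f8e7d6c.[suppfirecrypt@qq.com].FIRE",
    r"C:\Games\engine\effects.fire",
    r"C:\Users\ana\Documents\notes.txt",
]

if __name__ == "__main__":
    locked, review = triage(SAMPLE)
    for (vid, mail), files in locked.items():
        print(f"infection {vid} ({mail}): {len(files)} file(s)")
        for f in files:
            print("   restore target:", f)
    print("manual review:", review)
```

Grouping by ID shows whether more than one infection touched the same shares, and the recovered original paths give the list of files to restore from backup.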

As usual, this Trojan can employ both Notepad TXT and advanced HTML-based messages for demanding money for its decryptor. While there isn't a free decryption service for the latest versions of the Dharma Ransomware, paying the ransom is far from a guarantee of receiving any unlocking help. Victims should be particularly cautious about voucher or cryptocurrency payments, such as Bitcoins, which may not be refundable.

Exploring Your Options against a Tweaked Trojan

Although the 'suppfirecrypt@qq.com' Ransomware pretends to be the 'explorer' component of Windows, this disguise is, most likely, only meant as a plausible way of excusing the threat's system persistence. Most infection vectors for the 'suppfirecrypt@qq.com' Ransomware's family focus on Remote Desktop exploits, brute-force attacks that can break non-secure logins, or spammed message attachments against known employee e-mail accounts. Workers should be educated on the dangers of opening unsafe e-mail attachments, such as Word documents with macros, and should update their software routinely and use non-default, strong passwords.

While malware researchers find most members of RaaS businesses conducting attacks against members of the business sector, the 'suppfirecrypt@qq.com' Ransomware's encryption can harm files on nearly any Windows computer. Like nearly every version of the Crysis Ransomware, it also removes your Shadow Volume Copies, which means that non-local backups are the best option for saving any media. Most anti-malware products should delete the 'suppfirecrypt@qq.com' Ransomware without problems, even though unlocking or decrypting the Trojan's hostage files isn't possible.

Nearly every AV brand of note is identifying the 'suppfirecrypt@qq.com' Ransomware as threatening, and most of them also detect its family accurately. Those who choose not to protect their files will reap the consequences of their oversight, which can, sometimes, be paid out in Bitcoins.
