• Cyber Security
    • Ransomware Prevention
    • Ransomware Removal
    • Ransomware File Recovery
    • Ransomware Types
  • News
  • Tutorials
  • Ransomware TV

Amnesia Ransomware Decryptor Developed by Emsisoft

February 24, 2018Simeon Georgiev

Amnesia is one of the latest ransomwares that happened to take the world by storm in the year 2017. The ransomware, created using the Delphi language, encrypted and infected files on countless computers throughout the world and was essentially spread in the form of email attachments.

How does Amnesia Work?

Much like any other ransomware or the majority of malware that have made their way into the digital realm, the Amnesia ransomware makes use of an encryption algorithm. What this encryption algorithm essentially does is that it changes the data of the files to a form in which it is no longer readable.

Even though several people complained about their files becoming encrypted by the Amnesia ransomware, there have been inconsistencies in the reports of people who claim how much data was encrypted by the ransomware. These inconsistencies were seen on multiple forums where the ransomware was being discussed. Users pointed out the difference in the sizes of the original and encrypted versions through which the assumptions about the percentage or amount of data that was being encrypted were being made.

How Can You be Sure that Your Files were Encrypted by the Amnesia Ransomware?

If you find any files in your system that end with extensions “.amnesia”, then it goes without saying that you can be certain that this is the doing of the Amnesia ransomware. But that’s not the only extension that the ransomware uses. In fact, there are quite a number of different extensions that are given by the malicious software to files that have become encrypted. These extensions include: “.01”, “.02”, “.am”, “onion”, “.TRMT”, “.LOGOZ”, “.[black.mirror@qq.com].oled”,  “.@decrypt_files2017”, “.SON”, “.[Help244@Ya.RU].LOCKED”, “.@decrypt2017”, and “.CRYPTBOSS”.

But that’s not all.

Once the ransomware has successfully managed to encrypt certain files, it also creates a .txt file in every folder that contains these encrypted files titled “HOW TO RECOVER ENCRYPTED FILES.TXT”. Upon opening this file, you will see the following message:

“============================================
YOUR FILES ARE ENCRYPTED!

Your personal ID: –

Attention! What happened?
Your documents, databases and other important data has been encrypted.
If you want to restore files send an email to: s1an1er111@protonmail.com
IN a letter to indicate your personal identifier (see in the beginning of this document).

Attention!
* Do not attempt to remove the program or run the anti-virus tools.
* Attempts to self-decrypt files will result in the loss of your data.
* Decoders are not compatible with other users of your data, because each user’s unique encryption key.
============================================”

For assistance with file recovery and ransomware removal, please contact MonsterCloud – cyber security experts for a professional ransomware removal.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: simeon10georgiev@gmail.com
Previous post Amnesia Ransomware: Here’s What You Need to Know Next post WannaCry: How does it Work?

Related Articles

NonPetya Ransomware Caused Millions of Dollars Worth of Damage to Maersk

January 27, 2018Simeon Georgiev
NonPetya Ransomware Caused Millions of Dollars Worth of Damage to Maersk

Ransomware: 4 Types of the Latest Trend in Cybercrimes

February 1, 2018Simeon Georgiev
Ransomware: 4 Types of the Latest Trend in Cybercrimes

NonPetya Ransomware Caused Millions of Dollars Worth of Damage to Maersk

February 1, 2018Simeon Georgiev
NonPetya Ransomware Caused Millions of Dollars Worth of Damage to Maersk

Latest on Ransomware TV

https://vimeo.com/399908876?loop=0

Recent Posts

  • Microsoft Windows flaws exploited by hackers for ransomware attacks
  • Emotet botnet reawakens and is infecting devices worldwide
  • Ways to Catch Cybercriminals
  • What Expertise is Required to Deal with Ransomware Removal?
  • Tips to Prevent Ransomware Attacks on Your Device

Stay Protected

Subscribe to our mailing list to get the latest cyber security and ransomware removal articles!

Thank you for subscribing.

Something went wrong.

Navigation

  • Cyber Security
    • Ransomware File Recovery
    • Ransomware Prevention
    • Ransomware Removal
    • Ransomware Types
  • News
  • Tutorials

Ransomware Attacks (Last 6M)

0

Connect & Protect

Facebook
Google+
LinkedIn
YouTube
Vimeo

More

  • BECOME A CONTRIBUTOR

MonsterCloud Reviews

© 2020 MonsterCloud.com. All Rights Reserved.