Ransomware removal experts have been able to unearth a new ransomware threat known as Armage Ransomware this week. It was located by a ransomware removal analyst named Leo.
How Does Armage Work?
The ransomware uses the cryptographic algorithm Advanced Encryption Standard 256 bit (AES) for its nefarious objective and modifies the files of victims with an extension of ‘.armage’. This means that if any of your files like a SQL database with the name of ‘EmployeeInfo.sql’ has been infected with Armage Ransomware then it will be converted into ‘EmployeeInfo.sql.armage’ and will not be accessible any further. A file by the name of ‘Notice.txt’ appears, serving as the ransom note from the cybercriminals.
Unlike other recent ransom notes, Armage Ransomware’s owners have included minimal details. The note acknowledges the encryption of files through the above-mentioned symmetric algorithm. An e-mail of armagedosevin@aol.com is provided for further communication.
They key for the decryption of the files is saved in a remote location that is accessible for Armage’s owners. Cybercriminals associated with the ransomware demand ransom and promise this decryption key in exchange for ransomware removal.
The ransom demand can depend on the victim’s data and its sensitivity and can fluctuate in the range of $500 to $1500, payable in the form of cryptocurrencies. The cryptocurrency can either be the popular Bitcoin or in some cases, Monero. Monero is a cryptocurrency that facilitates private exchange and thus has been a favorite for cybercriminals, especially those who exist on the Deep Web.
However, paying money to a cybercriminal is to strengthen support for the evil industry of ransomware campaigns. Hence, ransomware removal experts discourage paying even if the ransom amount is paltry. Your data can be recovered with proper tools and software, while you may also benefit through the rationality and decision-making of a security analyst.
