Encrypt everything


Hunting for backups


News stories about encryption ransomware often indicate the types of files that can be encrypted by a specific ransomware species. Few people examine these file-type lists even though they may contain interesting information.

Let's see what criminals are after.

  • Popular office document formats (.ppt(x), .doc(x), .xls(x), .sxi, .sxw, .odt, .hwp);
  • Archives (.zip, .rar, .tar, .bz2);
  • Media files (.mp4, .mkv);
  • Emails and email database files (.eml, .msg, .ost, .pst, .edb);
  • Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd);
  • Source code (.php, .java, .cpp, .pas, .asm);
  • Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes);
  • Images, drawings, designs… (.vsd, .odg, .raw, .nef, .svg, .psd);
  • Virtual machines (.vmx, .vmdk, .vdi).

Here we can see document, image, and database formats… This list is by no means complete—it changes depending on what specific encryption ransomware strain is involved. Let's see what we can learn from this screenshot.

.tib is the file extension used by Acronis Backup files. Encryption ransomware will delete your data backups.

We already mentioned that encryption ransomware strives to delete Windows shadow copies, but those copies aren't the only way data is backed up. And criminals are aware of that.

#Trojan #Trojan.Encoder #encryption_ransomware #backup

Dr.Web recommends

Backing up is one of the key measures you can take to preserve your data. However, if you use backups, bear in mind that:

  • If your system was infected when you started making a backup, the backup may end up containing encrypted files. Therefore, make sure that you store several sequential backups;
  • If a backup file is stored on a compromised computer or is available over a network (including at the moment it was saved), encryption ransomware can delete it;
  • Do not create backups under your user account. Instead, opt to use a different account.

And using an anti-virus is imperative if you want to prevent ransomware from deleting your backups.
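The three points above can be checked against a backup folder from the account you normally work under. The script below is an added example, not Dr.Web code. It assumes POSIX permission semantics (on Windows, inspect the folder's ACLs instead), and the function name `audit_backup_dir` and the threshold of three generations are assumptions made for illustration.

```python
import os
import sys
import tempfile
from pathlib import Path

BACKUP_EXTS = {".tib"}   # extension named in the article; add your own formats
MIN_GENERATIONS = 3      # assumed meaning of "several sequential backups"


def audit_backup_dir(directory, min_generations=MIN_GENERATIONS, exts=BACKUP_EXTS):
    """Return findings for a backup folder as seen by the account running this."""
    directory = Path(directory)
    backups = sorted(
        (p for p in directory.iterdir() if p.is_file() and p.suffix.lower() in exts),
        key=lambda p: p.stat().st_mtime,
    )
    findings = []
    if len(backups) < min_generations:
        findings.append(
            f"only {len(backups)} backup generation(s), want at least {min_generations}"
        )
    # POSIX: deleting or renaming a file requires write access to its directory.
    if os.access(directory, os.W_OK):
        findings.append("this account can delete or replace files in the backup folder")
    for p in backups:
        if os.access(p, os.W_OK):
            findings.append(f"{p.name}: this account can overwrite the backup")
        if hasattr(os, "getuid") and p.stat().st_uid == os.getuid():
            findings.append(f"{p.name}: created under (owned by) this account")
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        # Constructed sample: two backups written by the current account.
        target = tempfile.mkdtemp()
        for name in ("monday.tib", "tuesday.tib", "notes.txt"):
            Path(target, name).write_bytes(b"constructed sample")
    for finding in audit_backup_dir(target):
        print("FINDING:", finding)
```

Run it as your everyday user against the real backup location; an empty result means that account can neither overwrite nor delete the backups and enough generations are kept.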
