Iron ransomware is considered to be a new version of the Maktub infection, which we analyzed in March 2016. Until now, the virus had been silent, and no users had reported being compromised by it. However, as of April 2018, the creators of Maktub Locker are operating with a new variant. Iron crypto-malware locks victims’ files by using a combination of AES and RSA algorithms. After digital data is ruined, it starts featuring the .encry extension (Maktub ransomware: possibly rebranded as Iron). From this small detail, users can separate unharmed files from the ones that have been encrypted.
Iron crypto-virus adds .encry extension to encrypted data and requires 0.2 BTC
While you might expect the Iron virus to make a few references to the original version of Maktub Locker, in reality the new ransomware does not reveal any association with the former infection. Iron crypto-malware sets a lock-screen and declares that all documents, photos and databases have been encrypted. According to the message, victims can either enter secret servers through the provided public gates, or send 0.2 BTC to the 1cimKyzS64PRNEiG89iFU3qzckVuEQuUj Bitcoin wallet. After that, victims should contact [email protected] and inform the hackers that the ransom has been paid.
While the lock-screen does not appear very appealing, the creators of Iron ransomware put more work into the design of their payment portal. After entering their personal IDs, victims are shown an introduction reminding them that their files are encrypted and that they have to pay the ransom in less than 65 hours, before the ransom increases.
Further on, the ransomware promises that the private master-key can easily decrypt files, and finally provides very thorough information about the ransom. During the first 3 days of infection, people will be required to pay 0.2 BTC (about $1200). From the 3rd to the 6th day, victims can pay 0.5 BTC (about $3000). Further on, the ransom continues to increase. After more than 15 days, the ransom reaches $102000.
Back in the day of Maktub Locker, victims of this virus were able to recover 1 file for free. However, the Iron virus does not offer such generosity. After it chooses which files to encrypt (from 374 targeted file types), the only way to recover files is to pay the ransom. Furthermore, because the ransomware includes resources in Chinese Simplified, researchers are guessing that the authors of this virus might be Chinese speakers.
Even though researchers have indicated that Iron ransomware is related to Maktub Locker, it is still unknown whether both versions were created by the same people. Currently, we do not have any specific information regarding the free decryption of files.
How to protect my files from Iron ransomware?
Since we do not have any helpful information concerning the decryption of files that the Iron virus ruined, we can only remind you of the most basic recommendations that you should follow. First of all, store your important files in backup storage. At least put some of them on USB flash drives if you are not a fan of online storage. In some cases, victims of ransomware can restore their files by using Shadow Volume Copies. However, the Iron virus initiates a command to remove them.
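For anyone relying on backups after an infection, the following added example (not part of the original article) inventories a folder by the .encry extension and checks which encrypted files still have a clean copy in a backup folder. It assumes the extension is appended to the original file name and that the backup mirrors the same folder layout; the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".encry"  # extension named in the article


def triage(data_root, backup_root):
    """Sort files under data_root into intact / restorable / no_backup.

    Assumption: the extension is appended (report.docx -> report.docx.encry),
    so stripping it yields the original relative path to look up in the backup.
    """
    data_root, backup_root = Path(data_root), Path(backup_root)
    result = {"intact": [], "restorable": [], "no_backup": []}
    for dirpath, _dirs, files in os.walk(data_root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(data_root)
            stem = name[: -len(ENCRYPTED_SUFFIX)]
            # Compare case-insensitively; a bare ".encry" file has no original name.
            if not name.lower().endswith(ENCRYPTED_SUFFIX) or not stem:
                result["intact"].append(rel.as_posix())
                continue
            original = rel.with_name(stem)
            copy = backup_root / original
            # If the backup location also holds an encrypted sibling, the backup
            # drive was reachable during the attack, so do not trust that copy.
            tainted = copy.with_name(copy.name + ENCRYPTED_SUFFIX).exists()
            key = "restorable" if copy.is_file() and not tainted else "no_backup"
            result[key].append(original.as_posix())
    return {state: sorted(paths) for state, paths in result.items()}


def demo():
    """Build a constructed sample tree in a temp folder and run the triage."""
    with tempfile.TemporaryDirectory() as tmp:
        for p in ["data/docs/report.docx.encry", "data/docs/notes.txt",
                  "data/pics/cat.JPG.ENCRY", "backup/docs/report.docx"]:
            f = Path(tmp, p)
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(b"constructed sample")
        return triage(Path(tmp, "data"), Path(tmp, "backup"))


if __name__ == "__main__":
    for state, paths in demo().items():
        print(f"{state}: {paths}")
```

Run it against a read-only mount or a copy of the affected disk, and keep the backup media disconnected from the infected machine until the malware has been removed.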
Options for the removal of Iron crypto-malware
Before getting rid of this infection, you should be aware of the ways that it might attempt to enter your operating system. Some sneaky ransomware viruses use deceptive email letters. In your account, you might suddenly notice messages from unknown sources. Please download attachments only from respectable sources.
If you are tired of being threatened by malware, we hope that you will consider installing Spyhunter anti-malware tools. Both of them will enhance your browsing and make sure that your device is properly protected. If you are interested in the manual system restoration, check out guidelines in this article. The first steps you will have to complete are these:
The manual removal includes these steps:
- Rebooting your computer in Safe Mode (Enable Safe Mode with Command Prompt)
- Once Command Prompt launches, type in cd restore and press enter.
- Enter rstrui.exe and press enter again.
- Click “Next” in the window that appears.
- Select one of the Restore Points which would suggest a date before Magniber ransomware infected your device.
- Click “yes” to start a system restore.
Automatic Malware removal tools