Master ransomware is a fresh version of the BTCWare family, and 38 out of 60 security tools flagged the sample as malicious. The recently detected sample uses the AES cipher to encrypt files so that they can no longer be opened. The infection also features a screen-locker announcing that the victim has only 36 hours until the decryption key, held on the attackers' private server, is permanently destroyed. To tell victims apart, the infection assigns each one an individual ID number. The ID is found in the !#_RESTORE_FILES_#!.inf file, which also provides additional information about the variant.
Investigation of this virus
The note reveals that victims can have 3 of their encrypted files decrypted free of charge. The conditions are that none of these files contain valuable data and that each is no bigger than 1 MB. The email address to contact for this service is [email protected]. During correspondence with the attackers through this address, victims will presumably be told the ransom they are expected to pay for full decryption of their files.
The sum demanded for the private decryption key might differ according to the number of files the AES algorithm affected. After analyzing the malicious payload, named 1.exe or [email protected], we noticed that the variant initiates a series of suspicious procedures. These include deleting volume snapshots, turning off startup repair, adding entries to the Windows Registry, and running shell commands that suppress boot-failure handling (to conceal that the ransomware has modified the operating system).
Also, according to the investigation, the crypto-virus runs a command to wipe all Shadow Volume Copies so that victims cannot restore their data from them. The [[email protected]].master extension is appended to each encrypted file after its original extension. This trait is very common among ransomware, since it lets victims see which files have been made unusable. For the time being, there is no guaranteed way to recover the data. A free decryption tool might be released in the future, but security researchers have not announced one so far.
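The two paragraphs above describe the sample's recovery-tampering commands and the extension it appends only in general terms. The following is an added example written for this page, not code from the original article or from any tool it mentions: a small triage script that flags those commands in process-creation logs and inventories files carrying the appended extension. It assumes the sample uses the usual Windows utilities for the actions the article names (vssadmin for shadow-copy deletion, bcdedit for disabling startup repair and boot-failure handling); the exact command lines are not given in the article, so the regexes are assumptions, and the log lines, paths and contact address attacker@example.com are constructed for the demo.

```python
"""Triage helpers for the BTCWare/Master behaviour described above.

Added example, not code from the original article.  The article only
describes the commands generically (deleting volume snapshots, turning
off startup repair, suppressing boot-failure handling), so the command
lines matched below are an assumption based on the usual Windows
utilities for those actions (vssadmin and bcdedit).  Log lines, file
names and the contact address are constructed for the demo.
"""
import re

# Constructed process-creation log lines in a Sysmon-like key=value style
# (not real telemetry).  "1.exe" is the payload name given in the article.
SAMPLE_PROCESS_LOG = [
    r"ParentImage=C:\Users\bob\1.exe Image=C:\Windows\System32\vssadmin.exe CommandLine=vssadmin.exe Delete Shadows /All /Quiet",
    r"ParentImage=C:\Users\bob\1.exe Image=C:\Windows\System32\bcdedit.exe CommandLine=bcdedit /set {default} recoveryenabled No",
    r"ParentImage=C:\Users\bob\1.exe Image=C:\Windows\System32\bcdedit.exe CommandLine=bcdedit /set {default} bootstatuspolicy ignoreallfailures",
    r"ParentImage=C:\Windows\explorer.exe Image=C:\Windows\System32\notepad.exe CommandLine=notepad.exe readme.txt",
    r"ParentImage=C:\Windows\System32\cmd.exe Image=C:\Windows\System32\vssadmin.exe CommandLine=vssadmin list shadows",
]

# Constructed directory listing after infection.  The article states that
# ".[<contact e-mail>].master" is appended after the original extension and
# that the note is named !#_RESTORE_FILES_#!.inf; the address is a placeholder.
SAMPLE_FILES = [
    r"C:\Users\bob\Documents\budget.xlsx.[attacker@example.com].master",
    r"C:\Users\bob\Documents\!#_RESTORE_FILES_#!.inf",
    r"C:\Users\bob\Documents\notes.txt",
    r"C:\Users\bob\Pictures\holiday.jpg.[attacker@example.com].master",
]

RANSOM_NOTE_NAME = "!#_RESTORE_FILES_#!.inf"

# Detection rules: label and regex applied to the CommandLine field.  An
# administrator merely listing shadows ("vssadmin list shadows") must not match.
TAMPER_RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("startup_repair_disabled",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("boot_failure_suppressed",
     re.compile(r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
]

CMDLINE_RE = re.compile(r"CommandLine=(.*)$")
PARENT_RE = re.compile(r"ParentImage=(\S+)")

# <original name>.[<contact>].master, where the contact part contains an '@'.
ENCRYPTED_NAME_RE = re.compile(
    r"^(?P<original>.+)\.\[(?P<contact>[^\]@]+@[^\]]+)\]\.master$")


def find_recovery_tampering(log_lines):
    """Return (rule_label, parent_image, command_line) for every line whose
    command line matches one of the recovery-tampering rules."""
    hits = []
    for line in log_lines:
        cmd_match = CMDLINE_RE.search(line)
        if not cmd_match:
            continue
        cmd = cmd_match.group(1).strip()
        parent_match = PARENT_RE.search(line)
        parent = parent_match.group(1) if parent_match else ""
        for label, rule in TAMPER_RULES:
            if rule.search(cmd):
                hits.append((label, parent, cmd))
    return hits


def find_encrypted_files(paths):
    """Return (path, original_name, contact) for every path carrying the
    appended Master extension, so the original file name can be recovered."""
    found = []
    for path in paths:
        name = path.rsplit("\\", 1)[-1]
        m = ENCRYPTED_NAME_RE.match(name)
        if m:
            found.append((path, m.group("original"), m.group("contact")))
    return found


def ransom_note_dirs(paths):
    """Directories containing the ransom note, i.e. where the encryptor ran."""
    return sorted({p.rsplit("\\", 1)[0] for p in paths
                   if p.rsplit("\\", 1)[-1] == RANSOM_NOTE_NAME})


if __name__ == "__main__":
    for label, parent, cmd in find_recovery_tampering(SAMPLE_PROCESS_LOG):
        print(f"[{label}] parent={parent} cmd={cmd}")
    for path, original, contact in find_encrypted_files(SAMPLE_FILES):
        print(f"encrypted: {path} (original: {original}, contact: {contact})")
    print("ransom note found in:", ransom_note_dirs(SAMPLE_FILES))
```

The parent-image field is kept in each hit on purpose: shadow-copy deletion launched from a user-profile executable such as 1.exe is far more suspicious than the same command run from an administrator's console, and the original file name recovered from the extension gives you the inventory you need before attempting any restore from backup.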
You can try recovering your data from backups or from other locations where you stored important files. You could also try generic file-recovery tools, which may restore some files, but this is not a guaranteed solution. If you have uploaded files to an online backup service or kept valuable data elsewhere, such as on a USB flash drive, you can retrieve those files easily.
Before starting any data recovery attempt, you should clean the malware from your operating system so the infection does not re-encrypt the files you retrieve. For this purpose, use a reputable anti-malware tool that scans the entire operating system for sources of malicious activity. If a ransomware payload is present, either Spyhunter or Malwarebytes will be able to help you find the exact places where the malware is hiding.
As for the distribution of the Master crypto-virus, we have to warn you that the malicious payload may be delivered through spam campaigns carrying dangerous attachments. The payload may be disguised as an informative attachment providing details about a purchase, a tax refund, flight details and so on. Before opening such files, we advise you to determine whether the sender is actually legitimate or only poses as a reliable source. If in doubt, use the contact details published on the official website of the organization in question.
Automatic Malware removal tools