
Ransom:Win32/Warik.A


First posted on 29 October 2014.
Source: Microsoft

Aliases:

There are no other names known for Ransom:Win32/Warik.A.

Explanation:

Threat behavior

Installation

This threat might be installed by other malware.

Payload

It encrypts certain types of files on every drive of your PC, from a:\ to z:\, so you can't use them. It adds the string ".block" to the end of the name of each file it encrypts.



In any folder with encrypted files it drops a text file (.txt) written in Russian, called ДЕШИФРАТОР.txt (translated from Russian into English as decoder.txt).

The text file tells you to send a code, copies of the encrypted files, or a copy of the text file to a specified email address to decrypt your files.



When translated from Russian into English, the instructions are:

Attention!

If you are reading this message, it means that your computer has been attacked by a dangerous virus.

All of your information (documents, databases, backups and other files) on the computer was encrypted.

All encoding files have the extension .block

In any case, do not change files! And do not use other people's decoders, you can lose your files forever.

Drop us an email to , to know how to get the decoder.

If we have not responded to you within 3 hours - resend letter again.

In the letter to insert text from a file ' ДЕШИФРАТОР.txt ' or write the number .
In the first letter do not attach files intended for decryption. You will receive all instructions in the response letter.

It encrypts files with the following extensions:

  • .$$$
  • .1cd
  • .1CL
  • .7z
  • .7zip
  • .a2u
  • .ABD
  • .accdb
  • .arc
  • .ARJ
  • .bac
  • .backup
  • .bak
  • .bkc
  • .bkf
  • .bkp
  • .blf
  • .bln
  • .bmp
  • .box
  • .bpl
  • .bpn
  • .cbu
  • .cdr
  • .cdx
  • .cer
  • .cf
  • .cfu
  • .CSV
  • .DB
  • .db3
  • .dbf
  • .dbx
  • .dd
  • .dfp
  • .dic
  • .djvu
  • .dmp
  • .doc
  • .docx
  • .dt
  • .dwg
  • .efd
  • .eif
  • .elf
  • .epf
  • .eps
  • .erf
  • .ert
  • .FBK
  • .fdb
  • .FLX
  • .frf
  • .frp
  • .frw
  • .gbk
  • .gdb
  • .gdoc
  • .gho
  • .ghost
  • .ghs
  • .gif
  • .gsheet
  • .gz
  • .gzip
  • .hbi
  • .hbk
  • .hdf
  • .HIS
  • .htm
  • .html
  • .ib
  • .ID
  • .idf
  • .ifo
  • .indd
  • .iso
  • .jpeg
  • .jpg
  • .key
  • .kwm
  • .ldf
  • .ldw
  • .lgf
  • .lgp
  • .lnk
  • .lst
  • .lzh
  • .m2v
  • .map
  • .max
  • .MB
  • .mcx
  • .md
  • .mdb
  • .mdf
  • .MKD
  • .mov
  • .mxl
  • .mxlz
  • .nbi
  • .nbr
  • .nrg
  • .ods
  • .odt
  • .p12
  • .packed
  • .pas
  • .pdf
  • .pfl
  • .pfx
  • .pgd
  • .pgp
  • .plan
  • .pln
  • .png
  • .ppd
  • .ppt
  • .pptx
  • .psd
  • .pst
  • .pwm
  • .PX
  • .rar
  • .rcf
  • .res
  • .RN
  • .rst
  • .rtf
  • .sel
  • .sql
  • .SRX
  • .tab
  • .tar
  • .tbb
  • .tbc
  • .tbh
  • .TBI
  • .tbk
  • .tbn
  • .tgz
  • .tib
  • .TPL
  • .trn
  • .txt
  • .vhd
  • .vmdk
  • .vmem
  • .war
  • .wav
  • .XG0
  • .xls
  • .xlsx
  • .xml
  • .YG0
  • .zip
  • .zrb
  • .zsp









Analysis by Carmen Liang

Symptoms

The following could indicate that you have this threat on your PC:

  • Files on your PC have ".block" added to the end of their names.
  • You see a text file called ДЕШИФРАТОР.txt in folders that contain encrypted files.
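
A triage sketch for the two symptoms above, added here as an example (it is not Microsoft's code): it walks a directory tree and flags folders that hold the ДЕШИФРАТОР.txt note, files named with a targeted extension followed by ".block", or both. The function names, the confidence labels, the extension subset and the sample tree are assumptions of this example.

```python
import os
import tempfile

NOTE_NAME = "ДЕШИФРАТОР.txt"  # ransom note file name given on this page
MARKER = ".block"             # suffix the threat appends to encrypted files
# Assumption: a subset of the extensions listed on this page is enough for
# a first pass; extend the set from the full list when scanning for real.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".1cd",
            ".mdb", ".sql", ".bak", ".zip", ".jpg", ".pst"}

def scan(root):
    """Map each folder under root that shows an indicator to its findings."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        note = any(f.casefold() == NOTE_NAME.casefold() for f in files)
        blocked = []
        for f in files:
            if not f.lower().endswith(MARKER):
                continue
            # "report.docx.block" -> inner extension ".docx"
            inner = os.path.splitext(f[:-len(MARKER)])[1].lower()
            if inner in TARGETED:
                blocked.append(f)
        if note or blocked:
            hits[folder] = {"note": note, "blocked": sorted(blocked)}
    return hits

def classify(entry):
    """'high' when note and renamed files co-occur, otherwise 'review'."""
    return "high" if entry["note"] and entry["blocked"] else "review"

def demo():
    """Scan a constructed sample tree; return {relative folder: label}."""
    layout = {  # constructed file names, not taken from a real incident
        "finance": ["q3.xlsx.block", "invoice.pdf.block", NOTE_NAME],
        "photos": ["cat.jpg.block"],
        "dev": ["cache.block", "readme.md"],  # unrelated .block file
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "w").close()
        found = scan(root)
        return {os.path.relpath(f, root): classify(e) for f, e in found.items()}

if __name__ == "__main__":
    for folder, level in sorted(demo().items()):
        print(level, folder)
```

A file such as cache.block, which has no targeted extension before the suffix, is not counted, so software that uses ".block" for its own files does not trigger a finding by itself.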

Last update 29 October 2014
