As you know, there are more and more viruses and malware on the World Wide Web every day. But today, the consequences of their impact go far beyond disrupting the system. More and more criminals begin to extort money. These threats include the [email protected]_com virus, which is a ransomware. He appeared relatively recently, so the fight against him is quite laborious.
What is the [email protected]_com virus?
In principle, the “infection” itself works according to a well-established algorithm used in the most famous viruses like CBF, XTBL and I Love You.
Without going into the scheme of its work, only one thing can be said: the consequences of its influence are that all user files and documents are encrypted with a special algorithm, which the hackers themselves call RSA-1024. Ultimately, after encryption, no document or user file can be opened without a special key.
File names include [email protected]_com in addition to the existing extension. How to decrypt such files (and is it possible at all), we will now see.
How does a virus enter the system?
Penetrating a threat to an individual terminal or even to a local network can be done in several ways. The most common are e-mail containing attachments, downloaders that catch the virus directly on the infected site, or hidden objects that are activated when copying information from removable media. Sometimes you can "catch" it, even just by clicking on an advertising banner.
Email is considered to be the main tunnel. This does not apply to mail servers, but exclusively to accounts used in stationary programs like Outlook or third-party applications installed on computer terminals.
The user opens, say, a message about a change in the product supply agreement and looks at the attachment. It contains some file. If you see that the extension is unknown, it is better not to open it at all. But the postscript, they say, the attachment contains a scanned copy of the new version of the contract, confuses everyone, and the user opens the file without even thinking.
But very often you can find an attachment in the form of a plain text file or a Word document. The user clicks on it, and … off we go (note thatrenaming any file, giving it the extension.txt,.doc or the extension of the graphic object.jpg, is, as they say, quite elementary. And the system sees a registered file type in front of it and immediately tries to open it).
Sometimes there is an executable JS-file (Java Script) in the attachment, which cannot be opened at all!
The first sign of impact is the momentary "braking" of the computer. This indicates an excessive load on system resources due to the fact that the malicious code attached to the [email protected]_com file started the encryption process. By the way, it can take quite a long time, and no reboot will help. If you reboot the system, the virus will start its dirty work again. At the end of the process, we get fully encrypted files [email protected]_com. How to decipher them, we naturally do not understand. Instructions for the intended actions are offered a little later by the attackers themselves.
Hacker requirement algorithm
Ordinary users "catch" this virus, in general, infrequently. It is rather focused on commercial structures and organizations. At the same time, if the enterprise has a sufficiently extensive local network, encryption can affect absolutely all terminals connected to the network.
As the instructions attached to the [email protected]_com virus (how to decrypt the data - it is described in detail), there is an email that says that the filesencrypted with the RSA-1024 algorithm. Further, seemingly with good intentions, follows the statement that only the group that sent the message can decrypt the data. But such a service costs about 100 to 500 euros.
To get the [email protected]_com decryptor, send the KEY. PRIVATE file and several infected files to the specified email address. After that, it is assumed that the user will receive their own unique key. Frankly, it's hard to believe.
It is reported that you can not even try to decrypt [email protected]_com files yourself, since the only way out is to completely format the disk or partition. The hint immediately follows that the user's data is very important to him, so the formatting is impractical.
Should I mess with the attackers?
Unfortunately, gullible users or owners of very important information immediately run to pay for services, but receive nothing in return. If, at the dawn of this threat, someone might also have received the key, today one can not even dream of it - the usual extortion of money.
Some still try to use anti-virus scanners, but the trouble is that the virus is really detected by programs, it even seems to be treated and deleted, but the information remains encrypted.
Is there a decryptor for the [email protected]_com virus?
As for data decryption, practically no well-known anti-virus software developer can provide any specific and universal solution.
You can surf the entire Internet inlooking for a key. But nothing good will come of it. The only thing you can try is to look for already known keys like [email protected], [email protected], [email protected], etc. Perhaps some combinations will help, but you should not delude yourself.
How to get a decryption utility from the official website of the antivirus developer?
But let's see what can be done if the [email protected]_com virus is already caught. How to decrypt it, for example, the user does not know. In such a situation, provided that the official (licensed) version of anti-virus software is installed on the computer terminal, it is better to contact the developer's support center directly.
In this case, on the official website, use the request for treatment section, and then send several infected files. If you have a copy of the original uninfected object, even better. In such a situation, the probability that the data will be decrypted increases many times, since, for example, the [email protected]_com Kaspersky virus (standard scanner) simply cannot be cured.
If all else fails…
If for some reason the answer is not received, and there are no intentions to contact the attackers, there's nothing to be done. The only way out is to format the hard drive. In this case, you need to perform a full format, and not clear the table of contents.
It is worth mentioning separately that a virus, when penetrating a hard drive or its logical partition, could createown copy, so you will have to format absolutely everything that is, and install the system again. There is no other way.
By the way, utilities loaded before the system starts (like Kaspersky Rescue Disc) won't help either. As mentioned above, they will detect the virus, even delete it, but they will not be able to restore the data to its original readable state. This is understandable, because initially even such powerful utilities, in general, were not designed for this.
A few last tips
Here, in fact, the [email protected]_com virus is considered. How to decrypt it? To this question, as is already clear, there is no answer. It is better to protect yourself from the threat entering the system in advance.
Only open email attachments from trusted sources should not be clicked on Internet advertisements. Pay special attention to letters in which the name of the attached file contains abracadabra (some kind of unreadable characters), and changing the encoding does not help to see the name in a normal representation. In general, be vigilant!
Well, it goes without saying that there is no point in paying money to extortionists and not getting the necessary key in return. However, this is proved quite simply by the example of other well-known viruses and malicious codes that have already been registered in world practice.
