firstname.lastname@example.org is a ransomware trojan that first started appearing in mid-2015. Like most of its ransomware counterparts, when it infects a machine this malware (or cryptoware) encrypts your files and demands payment for decryption services, claiming that the files are irretrievable without payment. Unlike most ransomware, it tries clumsy social engineering techniques: part of its subterfuge is the misleading title (a quick search reveals that freespeech.org is a legitimate and informative independent news site). Another confidence trick is the shallow one of giving the impression that the information and e-mail address supplied belong to people who want to help – at a price – and not to the hackers responsible. This is pure rubbish – the encrypted files have its address as part of their file extension. How stupid do these people think we are? After it has subverted your files, the program supplies you with an ID number and asks you to contact them to find out how to pay and receive the key. Destroy email@example.com immediately if you are unlucky enough to see its sorry appearance. And Do Not Pay – even if you have not backed up essential files, there is a possibility of decryption…
How firstname.lastname@example.org can enter a system
Like similar threats in the ransomware-trojan category, email@example.com can be contracted in several ways. The most common is currently spam e-mails with attachments. Another is unwittingly downloading it in bundles of freeware, where it is concealed. It is also disguised in fake pop-ups offering updates for popular freeware like Adobe, Flash Player, VLC, etc. Visiting questionable websites can leave a computer open to exploitation by tools that target system vulnerabilities, and can result in the trojan being invisibly dropped during a short browsing session. A less common though viable route is remote desktop access. Remember that preventing firstname.lastname@example.org is far easier than the removal and data recovery an infection makes necessary. Prevention can be implemented through good practice (and good software), whereas having to uninstall email@example.com will take time and perhaps additional software.
What to do if infected with firstname.lastname@example.org virus
Some lesser A/V software, or programs that are not up to date with current threats, may have problems detecting email@example.com. There are several signs by which you may notice the infection yourself before encryption is complete:
- your system will slow noticeably as the virus works in the background;
- processes and your screen will freeze randomly for short periods;
- there may be an increase in unsolicited ads and pop-ups;
- it may be possible to detect extra traffic through ports.
If you suspect that you have the virus, the first step is to sever all connections with the internet – wired and wireless – as well as any network share connections. Then make an external back-up of your files (on a USB flash drive, for example). If you haven’t received notification of encryption, then either use the manual Safe Mode with Networking option to find and remove firstname.lastname@example.org (see details below), or install suitable software to do the job automatically. Once this has been done, run a check of your files.
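Because the encrypted files carry the address in their names, the file check can be scripted. The following is an added example, not part of the original article: it inventories files whose names contain a marker string and summarizes how far the damage has spread. The marker `locker@example.invalid`, the folder names and the sample files are constructed, and the 10-minute "still active" window is an assumption.

```python
import os
import tempfile
import time
from collections import Counter

def find_marked_files(root, marker):
    """Return (path, size, mtime) for each file whose name contains marker."""
    marker = marker.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # unreadable folders are skipped
        for name in files:
            if marker not in name.lower():
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # locked or renamed while we were scanning
            hits.append((path, st.st_size, st.st_mtime))
    return hits

def summarize(hits, now=None, active_window=600):
    """Scope the damage: per-folder counts, byte total, time span of changes.
    Assumption: modification times reflect when each file was encrypted."""
    now = time.time() if now is None else now
    mtimes = [m for _p, _s, m in hits]
    return {
        "count": len(hits),
        "bytes": sum(s for _p, s, _m in hits),
        "folders": dict(Counter(os.path.dirname(p) for p, _s, _m in hits)),
        "first": min(mtimes, default=None),
        "last": max(mtimes, default=None),
        # A very recent change suggests encryption is still in progress.
        "still_active": bool(mtimes) and now - max(mtimes) < active_window,
    }

def demo():
    """Scan a constructed folder tree (sample data, not from a real case)."""
    marker = "locker@example.invalid"  # constructed stand-in for the address
    with tempfile.TemporaryDirectory() as root:
        for sub, name in [("Documents", "budget.xlsx." + marker),
                          ("Documents", "notes.txt"),
                          ("Pictures", "cat.jpg." + marker.upper())]:
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            with open(os.path.join(root, sub, name), "wb") as fh:
                fh.write(b"x" * 100)
        return summarize(find_marked_files(root, marker))

if __name__ == "__main__":
    report = demo()
    print(report["count"], "marked files,", report["bytes"], "bytes")
    for folder, n in sorted(report["folders"].items()):
        print(f"{n:4d}  {folder}")
```

For a real check, call `find_marked_files` on the affected drive or its back-up copy with the address string taken from the renamed files; the per-folder counts also tell you which drives to select in the decryption tool.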
Decrypt email@example.com Files
Luckily, there is a free utility made by Kaspersky that can decrypt firstname.lastname@example.org encrypted files. In order to decrypt the files, please follow these steps:
STEP 1: Download the free decryption tool from here: http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.exe . You must download it to the infected computer.
STEP 2: Run the RakhniDecryptor.exe.
STEP 3: In the program window click the Change parameters link.
STEP 4: In the Settings window select which drives to scan.
STEP 5: Select the checkbox Delete crypted files after decryption.
STEP 6: Click OK.
STEP 7: Click Start Scan.
STEP 8: In the Specify the path to one of encrypted files dialog, select the folder with encrypted files and click Open.
STEP 9: The decryption utility will start recovering the password. It is possible that you receive the following message:
STEP 10: Wait patiently until the utility is done. In some cases it may take days for the decrypter to finish. Please keep in mind that you must not turn off the computer or stop the decryption process. Go to Power Options and set Turn off the display, Hibernate and Sleep to Never until the program has finished.
How to prevent firstname.lastname@example.org ransomware
- Install an advanced scanning/anti-virus program with updates;
- Browsing – adjust the security settings in your browser to the highest levels so that it warns about harmful site content;
- Always use Advanced/Custom download options and go to official company sites for freeware;
- Avoid opening suspicious files/e-mails/pop-ups;
- Secure or disable RDP;
- Restrict network access to Authenticated Users only;
- Look into Windows’ Software Restriction Policies, which block executable files from running when they are located in specific paths – check the Microsoft website for details;
- Make regular file back-ups either on an external drive, or in the cloud – just in case…
So, here are solutions to this particular parasite and its extortion, though with good practice – and tough software – you shouldn’t need help with threats like this again!