We have recently observed a spike in ransomware releases, and Aes256 Ransomware is one of the computer infections we have recently analyzed. Our analysis has revealed that it encrypts files with an AES key and then demands that you pay an unspecified ransom to decrypt them. Instead of complying with the demands, you should remove it from your PC because you cannot trust this ransomware to decrypt your files once you have paid. This short article covers its dissemination channels, functions, and removal methods.
This ransomware was first sighted in December of 2016. Our analysis has shown that it shares no similarities with any other ransomware-type application, so we think that it was developed by a group or person new to ransomware development. Our research has shown that Aes256 Ransomware is distributed in a seldom-used way. Its developer(s) chose to distribute it over Remote Desktop Protocol (RDP), which provides a user with a graphical user interface (GUI) for connecting to another computer over a network connection. The cyber crooks use a brute-force attack, which involves entering multiple passwords until they get the correct one, and then launch the ransomware if they are successful. Given that this ransomware is distributed manually, the chances of getting your PC infected with it are rather slim because the crooks must target specific computers. Nevertheless, it is important to protect your PC from ransomware such as this one.
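The delivery pattern described above (many failed RDP logons from one address, then a successful one) can be looked for in Windows Security log records. The following is an added example, not part of the original article: it uses the standard event IDs 4625 (failed logon) and 4624 (successful logon), while the threshold, the time window, the record layout and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security log: failed / successful logon
RDP_FAIL_TYPES = {3, 10}       # with NLA, failed RDP logons are recorded as type 3
RDP_OK_TYPE = 10               # RemoteInteractive: an RDP session was created

def bruteforce_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Return (ip, user, failures, time) for each RDP success preceded by at
    least `threshold` failures from the same source IP inside `window`."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ip, t = ev["ip"], ev["time"]
        q = recent[ip]
        while q and t - q[0] > window:   # drop failures older than the window
            q.popleft()
        if ev["id"] == FAILED and ev["type"] in RDP_FAIL_TYPES:
            q.append(t)
        elif ev["id"] == SUCCESS and ev["type"] == RDP_OK_TYPE:
            if len(q) >= threshold:
                hits.append((ip, ev["user"], len(q), t))
            q.clear()   # a success ends the run of failures for this IP
    return hits

def sample_events():
    """Constructed sample: 203.0.113.7 guesses passwords and gets in;
    198.51.100.4 is a user who mistyped a password once."""
    t0 = datetime(2016, 12, 20, 3, 0, 0)
    ev = [{"time": t0 + timedelta(seconds=20 * i), "id": FAILED, "type": 3,
           "ip": "203.0.113.7", "user": "Administrator"} for i in range(8)]
    ev.append({"time": t0 + timedelta(seconds=170), "id": SUCCESS, "type": 10,
               "ip": "203.0.113.7", "user": "Administrator"})
    ev.append({"time": t0 + timedelta(seconds=30), "id": FAILED, "type": 10,
               "ip": "198.51.100.4", "user": "alice"})
    ev.append({"time": t0 + timedelta(seconds=60), "id": SUCCESS, "type": 10,
               "ip": "198.51.100.4", "user": "alice"})
    return ev

if __name__ == "__main__":
    for ip, user, n, t in bruteforce_then_success(sample_events()):
        print(f"{t} {ip} logged on as {user} after {n} failed attempts")
```

A hit from this check means the password was guessed, so the account and the host should be treated as compromised and reviewed before any file encryption is noticed.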
If Aes256 Ransomware does infect your computer, note that its main executable is named randomly and can be placed anywhere on your PC, so detecting it manually can be a challenge. Once on your computer, this ransomware will scan it for encryptable files; it targets nearly all file formats, particularly those that are apt to contain personal and, thus, valuable information. It was configured to encrypt your files with an AES-256 key and then encrypt that key with an RSA-2048 key. The resulting decryption key is sent to the command and control server via the Internet, so you cannot find it locally on your PC.
Aes256 Ransomware drops a ransom note saying “We STRONGLY RECOMMEND you NOT to use any "decryption tools". These tools can damage your data, making recover IMPOSSIBLE.” Unfortunately, there is no free decryption program to begin with, because this program requires a dedicated decryption tool created specifically for its encryption key. If you choose to pay the ransom, you have to contact the criminals via one of two provided email addresses or BitMsg. You should receive payment instructions after contacting them. The ransom note does not specify the amount to be paid, but it can be anything from a couple of hundred to several thousand dollars. Whatever the case may be, you should delete the ransomware instead because there is no guarantee that you will receive the decryption software.
As you can see, Aes256 Ransomware is a highly malicious application that can render your personal files inaccessible. There is no free decryption tool, but paying the cyber criminals is not an option because they might not keep their end of the bargain. We recommend that you remove this ransomware as soon as possible and suggest using SpyHunter, a program that will detect and delete it automatically.