If your Windows operating system is vulnerable at the moment, we suggest securing it as soon as possible because OFFWHITE Ransomware is a monstrous infection that could try to exploit vulnerabilities. It is most likely to use RDP security backdoors to slither in, and you could also be tricked into executing it yourself. If trusted security software exists to guard you and your operating system against malware attacks, it should be able to locate and remove the threat before it encrypts files. However, if security software does not exist or if it is not equipped to deal with this particular ransomware, the encryption of files found on the system could start immediately. Unfortunately, it appears that files are not only encrypted but also exfiltrated. Perhaps files and data are moved out before the ransomware even strikes. This is not common behavior for ransomware, and it is most likely that this infection was built to attack networks and companies. Needless to say, deleting OFFWHITE Ransomware does not solve any of these problems.
Are you familiar with an infection named NEFILIM Ransomware? It is believed that OFFWHITE Ransomware is a new variant of this threat. Quite likely, the same attackers stand behind both of them. You can find the NEFILIM Ransomware removal guide on our website, but the OFFWHITE variant needs to be looked at as a unique threat. For one, when it encrypts files, the “.OFFWHITE” extension is added to their original names. Also, the threat is capable of encrypting everything besides COM, CPL, DLL, EXE, INI, LNK, MP3, and MP4 files. Everything else is encrypted using a complex algorithm, which ensures that free decryptors cannot restore files. Just like NEFILIM, OFFWHITE Ransomware removes itself after your files are encrypted. Of course, before that, it drops the ransom note file. In fact, there are two of them – “scam.jpg” in %TEMP% and “OFFWHITE-MANUAL.txt” in %HOMEDRIVE%. The first file changes the Desktop wallpaper, and so you cannot escape the ransom note message. That being said, while these files are not malicious, paying attention to the message presented through them can be dangerous.
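The indicators above (the “.OFFWHITE” marker, the skipped file types, and the two ransom note paths) can be turned into a quick triage check for a suspect host. The script below is an added example written for this guide, not code from the article or from the ransomware; the directory and note locations are parameters so it can be run against any folder, and it defaults to %TEMP% and %HOMEDRIVE% only when no paths are given.

```python
"""Triage helper for a host suspected of an OFFWHITE Ransomware infection.

Inventories files carrying the ".OFFWHITE" marker, checks whether the two
ransom-note artifacts described in the guide are present, and flags any
encrypted file whose original type is on the family's exclusion list
(a hint that a different variant is at work). Added example, not the
article's own code; paths are parameters so it can run on test data.
"""
import os
from pathlib import Path

ENCRYPTED_EXT = ".OFFWHITE"
# Types the guide says OFFWHITE leaves untouched (compared lowercase).
SKIPPED_TYPES = {".com", ".cpl", ".dll", ".exe", ".ini", ".lnk", ".mp3", ".mp4"}
NOTE_NAMES = ("scam.jpg", "OFFWHITE-MANUAL.txt")


def find_encrypted(root):
    """Return paths under `root` whose name ends with the .OFFWHITE marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.upper().endswith(ENCRYPTED_EXT):
                hits.append(Path(dirpath) / name)
    return hits


def original_suffix(encrypted_path):
    """Strip the ransomware marker and return the original extension, lowercase."""
    original = Path(str(encrypted_path)[: -len(ENCRYPTED_EXT)])
    return original.suffix.lower()


def find_ransom_notes(temp_dir, homedrive):
    """Return which of the guide's two ransom-note paths actually exist on disk."""
    candidates = [Path(temp_dir) / NOTE_NAMES[0], Path(homedrive) / NOTE_NAMES[1]]
    return [p for p in candidates if p.is_file()]


def triage(root, temp_dir=None, homedrive=None):
    """Summarise the indicators found under `root` and at the note locations."""
    temp_dir = temp_dir or os.environ.get("TEMP", ".")
    homedrive = homedrive or (os.environ.get("HOMEDRIVE", "C:") + os.sep)
    encrypted = find_encrypted(root)
    notes = find_ransom_notes(temp_dir, homedrive)
    # Encrypted files of a type the guide says is skipped: unexpected for OFFWHITE.
    unexpected = [p for p in encrypted if original_suffix(p) in SKIPPED_TYPES]
    return {
        "encrypted_count": len(encrypted),
        "notes_found": sorted(p.name for p in notes),
        "unexpected_victims": sorted(p.name for p in unexpected),
        "likely_offwhite": bool(encrypted) and bool(notes),
    }
```

Run `triage(r"C:\Users")` on the affected machine to get a summary; an empty `notes_found` list with many encrypted files means the notes were already removed or the variant drops them elsewhere.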
Do you know Samantha Kirbinron, Denis Ufliknam, or Robert Gorgris? We are sure that you do not, unless there is a huge coincidence, and you actually know people by these names. OFFWHITE Ransomware lists these as people that you need to contact to get instructions on how to restore the encrypted files, and we are sure that these identities are completely fictional. Undoubtedly, if you decide to send two encrypted files to SamanthaKirbinron@protonmail.com, DenisUfliknam@protonmail.com, and/or RobertGorgris@protonmail.com, cybercriminals will be able to make demands. The ransom note that you are introduced to via JPG and TXT files does not actually reveal what the attackers want from you, but they threaten to leak the exfiltrated data if you do not contact them immediately. However, before you take this step, you need to think about a few things. First of all, if you expose yourself via email, you could get your inbox flooded with intimidating and malware-containing messages. Therefore, you should create a new account if you are determined to communicate with cybercriminals. When it comes to paying a ransom – and we are sure that you will be instructed to do that – consider all outcomes. Ideally, you will get your files back, and the exfiltrated data will be destroyed. However, it is also possible that your files will remain encrypted, and the exfiltrated data will be used to blackmail you in the future.
Even though OFFWHITE Ransomware removes itself after it is done encrypting files and dropping the ransom notes, it is possible that other threats exist on your operating system, which is why the first thing we recommend doing is inspecting the system thoroughly. If other threats are found, implement trusted anti-malware software to have all threats deleted at once. Even if all you need to do is delete OFFWHITE Ransomware components – and you can use the manual removal guide below for that – we advise implementing anti-malware software for the full-time protection it can provide you with. When it comes to paying the ransom, we dare not make any recommendations because we do not know what kind of data could have been stolen or encrypted. If all you care about is recovering files, we hope that you have backups stored online or on external drives. They can replace the corrupted files. If you are worried about sensitive data leaks, you might consider paying the ransom. However, remember that cybercriminals cannot be forced to decrypt your files or destroy the exfiltrated data even if you pay the ransom.