SnowPicnic Ransomware is similar to Scrabber Ransomware but unlike the previous version none of its samples that our specialists tested worked properly. However, we were still able to gather various details about the malicious application from its source code. Given its samples did not work correctly, our researchers doubt the malware will be spread widely if it will be at all. To learn how it could enter your system or what it might do afterward, you should read the rest of our article. At the end of the text, you can find instructions showing how to eliminate SnowPicnic Ransomware manually too, which might be useful if you come across this malicious application. As always, users who have more questions about the threat or want more help with its deletion can leave us messages in the comments section.
First things first, let us begin from how SnowPicnic Ransomware could appear on your system. If the threat is being spread, we believe it might be traveling with malicious email attachments. Usually, in such cases, targeted victims receive email attachments that may look like text documents, pictures, or other harmless data. The message next to it may claim it is essential to launch the attached data as fast as possible. Needless to say, if you receive a file from an unknown sender or something you were not expecting to get, you should always scan such data with a reliable security tool first. If the chosen tool detects anything malicious about it, it is best to get rid of the suspicious data at once. Of course, your antimalware tool should help you take care of it.
Soon after infecting a computer, SnowPicnic Ransomware should encrypt user’s files. The only data it does not encipher is the one located on in %PROGRAMFILES(x86)%, %PROGRAMFILES%, and %WINDIR%. The rest of the files should get a second extension called .snowpicnic and become unusable, for example, flowers.jpg.snowpicnic. Next, the malware is supposed to create a couple of documents called Read.TXT and Read.HTML in every directory containing encrypted files. After opening these files, victims ought to see a ransom note written by SnowPicnic Ransomware’s developers. The samples we tested included a couple of lines saying: “Your files has been encrypted with Millitary Grade Algorithm AES-256 (Advanced Encrypting Standard) https://en.wikipedia.org/wiki/Advanced_Encryption_Standard, And for decrypt: Buy to my wallet 0 bitcoins, not 0.5, not 1, not 2, 0 bitcoins!”
Based on the fact the ransom notes of the tested samples do not give any instructions on how to pay a ransom or ask for any payment, it seems to us the malicious application might have been created as a joke, or it could be still in the development stage. If more versions show up that would ask for a payment or contacting the malicious application’s developers, we do not recommend doing so for anyone who does not want to risk losing their money in vain. Hackers behind threats like SnowPicnic Ransomware can be persuasive and promise anything, but in the end, there is not knowing if they will keep up to their end of the bargain.
For users who come across SnowPicnic Ransomware and have no intention to put up with any demands, we advise eliminating it at once. To remove it manually, you could use the instructions located at the end of this article. There is also another way to delete it if you like using automatic features. In such a case, you should install a reliable antimalware tool and let it remove the malicious application for you.