Mordor Ransomware–Threat In Detail
Mordor is a new crypto-malware Ransomware virus that encrypts the file, important documents, vidoes and images found on the target PC. It uses the combination of RSA-2048 key and AES CBC 256-bit encryption algorithm method to encrypt the files. After the encryption is been done, Mordor Ransomware appends “.mordor” as the extension to the encrypted files. As the pattern of Ransomware, this one also leaves a ransom note for its victims that contains the ransom note and instructions on how to pay the ransom. The ransom amount demanded by Mordor Ransomware is $100 which is approximately 0.07 Bitcoins.
|Description||Mordor Ransomware encrypts files, videos, images and texts stored on the target PC and demand a ransom amount from users to decode the files.|
|Occurrence||spam mail attachments., exploit kits, malicious links and java script codes..|
|Possible Symptoms||The ransom note can be seen on desktop and other file directories and files could not be accessible.|
|Detection Tool||Download the Detection tool– To confirm attack of Mordor Ransomware virus on your computer.|
Mordor Ransomware is distributed via email spam attachments which might be in the form of a RAR, ZIP and un-archived DOCX-files that containing malicious macro. Many cyber-criminals uses spam techniques to trick users by heading the mail as any invoice or shipment. Other sources might include visiting infected websites containing java script codes, exploit kits and spam bots. As you open the document or click the link, the payloads of Mordor Ransomware gets downloaded on the system and installed without any user’s permission.
More about Mordor Ransomware
Mordor Ransomware may attack any sort of window’s OS like Vista, Windows 7, Win 8 and Win 10. Once installed, this Ransomware uses strong encryption algorithm combination of RSA-2048 key and AES CBC 256-bit. This means files are locked with public and private key. Thus users are left with no option except to pay the ransom and get their fiels back.
Mordor Ransomware may drop malicious payloads and entries in the windows’s registry to auto-launch its program.
It searches for various important files like Documents, PDF, photos, music, videos, databases, etc to encrypt them. After encrypting the files, the ransomware changes the desktop wallpaper to ransom note:
Along with that, Mordor Ransomware also leaves a ransom note detailed with how to contact them and decrypt files.
The ransom Note says:
List of file extension encrypted
→ .sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt