The STOP/Djvu Ransomware family has produced another variant known as OOII Ransomware. It mostly spreads via untrustworthy downloads, phishing emails, and questionable advertising content.
OOII Ransomware operators seek a quick payoff from victims by encrypting their critical data and then demanding a ransom payment in exchange for a file decryptor. OOII Ransomware locks most file types, including photos, music, documents, and videos.
Victims initially learn of the OOII Ransomware infection when they discover that encrypted files have been appended with the ‘.OOII’ suffix. They then notice a ransom note on their desktop in the form of the “_readme.txt” document. The note asks the victim to pay either $980 or $490 for file decryption depending on whether contact is made in the first 72 hours. It also provides the victim with contact information to communicate with the hackers.
Should victims try to contact the criminals through the given emails, helpteam@mail.ch and helpmanager@airmail.cc, they will be advised to send one file to the attackers to have it decrypted for free. Supposedly, this should prove that the hackers can unlock the victim’s files upon receiving ransom payment in full.
Although these addresses can be used to communicate with the hackers, we never advise victims to engage with these criminals. They will certainly not help you for free, and paying a ransom never guarantees that you will receive any decryption tools.
How Do I Deal with an OOII Ransomware Attack?
To limit the damage of a ransomware attack, keep backups of your valuable files so that they can easily be restored to another device. It is also strongly recommended that you use a reputable anti-malware tool to scan for and remove OOII Ransomware from your system.
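When planning a restore from backup, it helps to know which folders were hit. The script below is an added example, not a tool from this article: it inventories files carrying the '.OOII' suffix and copies of the "_readme.txt" note described above. The function names, the case-insensitive suffix match, and the sample folder layout are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".ooii"   # suffix named in this article; matched case-insensitively (assumption)
RANSOM_NOTE = "_readme.txt"  # ransom note file name named in this article


def triage(root):
    """Walk root and return (encrypted_paths, note_paths, per_directory_counts)."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lowered = name.lower()
            full = os.path.join(dirpath, name)
            if lowered.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(full)
                per_dir[dirpath] += 1
            elif lowered == RANSOM_NOTE:
                notes.append(full)
    return sorted(encrypted), sorted(notes), per_dir


def original_name(path):
    """Strip the appended suffix to get the file name to look for in backups."""
    if path.lower().endswith(ENCRYPTED_SUFFIX):
        return path[: -len(ENCRYPTED_SUFFIX)]
    return path


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = ["Documents/report.docx.OOII", "Documents/budget.xlsx.ooii",
              "Documents/_readme.txt", "Pictures/cat.jpg.OOII",
              "Pictures/untouched.png", "Desktop/_readme.txt"]
    for rel in layout:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        enc, notes, per_dir = triage(tmp)
        print(f"{len(enc)} encrypted file(s), {len(notes)} ransom note(s)")
        for directory, count in per_dir.most_common():
            print(f"  {count:4d}  {os.path.relpath(directory, tmp)}")
        for path in enc:
            print("restore from backup:", os.path.relpath(original_name(path), tmp))
```

Run it read-only against a copy or a mounted image of the affected drive, replacing the sample tree with the real root path.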