Arena ransomware attack

Arena ransomware goes on a worldwide rampage

Arena ransomware is a virus closely associated with the CrySiS and Dharma malware families

The Arena ransomware virus first appeared as a variant of CrySiS/Dharma malware. A little later, however, the CryptoMix ransomware gang started using the same extension for its latest variant, which was first discovered by the researcher Michael Gillespie.

If your files were encrypted and you can find .arena file extensions in their filenames, you can identify the ransomware family quite easily. The main difference between CrySiS Arena and CryptoMix Arena is that the CryptoMix variant replaces original filenames with hexadecimal strings. An example of the new filename is pN1K7230200106B6C29ECCG62801ZN43.arena.

A comparison of the newly discovered Arena ransomware variant with CrySiS/Dharma is provided on the 2-Spyware website. The new version creates a _HELP_INSTRUCTION.TXT file that provides the ransom payment guidelines and the ms.heisenberg@aol.com email address so that the victim can contact the criminals. The Dharma variant provides the Macgregor@aolonline.top, chivas@aolonline.top or sindragosa@bigmir.net email addresses in the FILES ENCRYPTED.txt ransom note.
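The two indicators described above (ransom note filename and renamed files) can be checked together when triaging an affected folder. The following is an added example, not code from the original article; the function names are hypothetical, and the 32-character alphanumeric pattern is an assumption modelled on the single example filename above.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Ransom note names as given in the article, lower-cased for matching.
NOTES = {"_help_instruction.txt": "CryptoMix",
         "files encrypted.txt": "CrySiS/Dharma"}
# Assumption: a CryptoMix-renamed file is a single 32-character alphanumeric
# token, modelled on the one example filename in the article.
RENAMED = re.compile(r"[0-9A-Za-z]{32}")

def triage(root):
    """Return (verdict, evidence) for the .arena files found under root."""
    seen = Counter()
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        name = path.name.lower()
        if name in NOTES:
            seen["note:" + NOTES[name]] += 1
        elif name.endswith(".arena"):
            seen["arena"] += 1
            if RENAMED.fullmatch(path.name[:-len(".arena")]):
                seen["renamed"] += 1
    if not seen["arena"]:
        return "no .arena files", seen
    # Each indicator votes; disagreement is reported rather than guessed at.
    votes = {fam for fam in NOTES.values() if seen["note:" + fam]}
    mostly_renamed = seen["renamed"] * 2 > seen["arena"]
    votes.add("CryptoMix" if mostly_renamed else "CrySiS/Dharma")
    return (votes.pop() if len(votes) == 1 else "inconclusive"), seen

def make_tree(names):
    """Create a throwaway directory of empty files (constructed sample data)."""
    root = Path(tempfile.mkdtemp(prefix="arena_triage_"))
    for n in names:
        (root / n).touch()
    return root

if __name__ == "__main__":
    sample = make_tree(["pN1K7230200106B6C29ECCG62801ZN43.arena",
                        "_HELP_INSTRUCTION.TXT", "notes.txt"])
    print(triage(sample))
```

An "inconclusive" verdict means the ransom note and the filename pattern point to different families, so the folder needs manual review.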

Distribution of the malicious virus

The CrySiS and CryptoMix crypto-ransomware families are extremely active nowadays, releasing new variants every week or two. CryptoMix ransomware variants are known to be distributed via the EITest campaign using the RIG-V exploit kit. To put it simply, you can get infected with the ransomware by visiting a compromised website that contains a malicious script testing your computer for software vulnerabilities.

However, both ransomware families also rely on traditional malware distribution methods such as malvertising, malicious spam, and Trojan horses. Be careful and do not open shady-looking email attachments, even if they look like they were sent by a reliable company or person. When in doubt, scan them via online file scanning services such as VirusTotal. Having up-to-date anti-malware software can also prevent you from launching malicious files.

Decryption of .arena files

The most important question that bothers computer users is whether it is possible to decrypt .arena files for free. Unfortunately, at the moment files with these file extensions cannot be decrypted using any third-party tools. We suggest looking for updates on the 2-Spyware website.

You should remove the Arena virus from the system to continue using your computer safely. Scan the system with a good anti-malware program while in Safe Mode with Networking to eliminate all malware that might have sneaked into your computer over time.

Posted in 2-spyware.com support.
