Remove Insom ransomware

Insom ransomware is a malicious infection that encrypts files. It’s a very dangerous type of malware that essentially takes users’ files hostage. The malware is part of the Makop ransomware family and can be identified by the .inson extension added to encrypted files. This ransomware not only demands a ransom payment but also threatens to publish users’ files on a Tor website if a payment is not made.

 

 

As soon as the ransomware enters a computer, it will begin encrypting files. The main targets are personal files, which users hold most important. That includes documents, photos, videos, images, etc. Encrypted files will be immediately recognizable because of the extensions added to encrypted file names. This ransomware adds the following extension: .[unique ID].[insomrans@outlook.com].insom. For example, an encrypted text.txt file would become text.txt.[unique ID].[insomrans@outlook.com].insom. All ransomware victims are assigned a unique ID, which the malicious actors use to identify each victim.

The ransomware also drops +README-WARNING+.txt ransom note. The note doesn’t contain a lot of information, simply mentions that files have been stolen and will be posted on a TOR website if victims don’t contact the cybercriminals. The note doesn’t mention how much victims will need to pay but it will likely be at least several thousand dollars.

The ransom note dropped by Insom ransomware is below:

Your data are STOLEN and your servers is LOCKED.
The data will be published on TOR website if you do not contact with us.
You can contact us directly for further instructions through emails:

insomrans@outlook.com

In subject write your personal id.

YOUR ID:

Engaging with cybercriminals and paying the ransom is never recommended. Victims always need to keep in mind that they are dealing with cybercriminals, who will not feel obligated to help them in any way even after they receive a payment. There are no guarantees that victims will receive a decryptor or that their files will not be posted on a TOR website. Unfortunately, many victims have paid ransoms in the past only to either receive not working decryptors or not receive them at all.

Users who have backups can start recovering files as soon as they remove Insom ransomware from their computers. Using an anti-malware program is strongly recommended because it’s a sophisticated infection. As soon as the ransomware has been removed, it’s safe to connect to a backup. For users with no backups, the only option is to back up the encrypted files and wait for a free Insom ransomware decryptor to be released. However, the free decryptor is not guaranteed.

How does ransomware infect computers?

Malicious actors use several methods to distribute ransomware, including torrents, email attachments, malicious links/ads, etc. Users with poor browsing habits are much more likely to pick up an infection because they engage in risky online behavior. Developing better habits is a great way to avoid malware infections, as is becoming familiar with common malware distribution methods.

Emails are a common malware distribution method. Emails that carry malware may be disguised to look like parcel delivery notifications or order confirmations. To attract users’ attention and alarm them enough to open the attachments, emails often mention large sums of money and expensive purchases. This is a very effective tactic because it creates a sense of urgency that pressures users to react without double-checking anything. However, upon closer inspection, emails can be identified as malicious. For one, malicious emails usually have very obvious grammar/spelling mistakes. These types of mistakes will never be present in legitimate emails. Malicious emails also usually address recipients with generic words like User, Member, Customer, etc. Most companies use their users’ names when sending correspondence to make the emails more personal. However, malicious actors rarely have access to personal information like names so they are forced to use generic words.

It’s worth mentioning that when malicious emails target specific people, they are much more sophisticated. The emails would not have any of the usual signs of malicious emails, address the target by name, and contain information that would give the email credibility. Thus, it’s always recommended to avoid opening unsolicited email attachments unless they are first scanned with anti-virus software or VirusTotal.

Torrents are another popular way to distribute malware among cybercriminals. It’s no secret that torrent sites are usually poorly moderated, and this allows malicious actors to upload torrents with malware in them. Torrents for entertainment content (e.g. movies, TV series, video games, etc.) in particular often have malware in them. If you pirate copyrighted content, you’re not only stealing content but also putting your computer and data in danger.

How to remove Insom ransomware

Ransomware is a very sophisticated infection and should always be removed with a professional program. If you try to remove Insom ransomware manually, you could end up causing additional damage to your device. Thus, using an anti-virus program is strongly recommended. Once the ransomware has been fully removed and is no longer detected, you can safely connect to your backup and start recovering files. Keep in mind that if ransomware is present when you connect to your backup, backed-up files will become encrypted as well.

You can see which anti-malware programs detect and remove Insom ransomware in the image below.