Month of May we saw a new Ransomware called May Ransomware. Once infiltrated, May encrypts various data using AES-256 and RSA-4096 encryption algorithms and appends filenames with the “.locked” extension (for example, “sample.jpg” is renamed to “sample.jpg.locked”). May then creates a text file (“Restore_your_files.txt”) containing a ransom-demand message and places it in each folder containing encrypted files.
The message informs victims of the encryption and make ransom demands of 1 Bitcoin (approximately, $1750) in exchange for file decryption. As mentioned above, May employs AES and RSA cryptographies and, therefore, decryption without unique keys is impossible. All of the files that get encrypted will receive the same extension appended to them, and that is the ‘.maysomware’ and ‘.locked’ extension.
The criminals provide each of their victims with a personal identification number. Presumably, the hackers keep all the ID’s in some sort of database next to the unique data decryption keys. That’s why the victims are asked to submit this number along with the payment. Nevertheless, this does not mean that you should. On the opposite, you should avoid getting involved in any type of collaboration with the criminals and take all measures possible to remove May virus from your computer.
You should keep an updated Anti Virus program such as Max Total Security which provides daily back and easy to restore mechanism in case you get infected with any of the Ransomware.