Igdm ransomware is malware that encrypts files. It’s part of the Djvu/STOP ransomware family, which has released more than two hundred ransomware versions. This version can be identified by the .igdm file extension added to encrypted files.
Igdm ransomware is file-encrypting malware that’s part of the Djvu/STOP malware family. The notorious Djvu gang has released hundreds of ransomware versions, including Nobu, Weui, Lisp, Sglh, Epor, Vvoa, and Agho. This version appends .igdm to encrypted files, which is why it’s known as Igdm ransomware. Most versions are more or less identical, and they are equally dangerous.
Users will be unable to open encrypted files, unless they are first decrypted. The decryption process is explained in the _readme.txt ransom note, and it involves paying a $980 ransom. The note also mentions that if users make contact within the first 72 hours, they would get a 50% discount. However, whether users actually get a discount or not, paying is not recommended. First of all, there are no guarantees that a decryptor will actually be sent to users, or that it will work. Furthermore, the money would support future criminal activity. The truth is that as long as users continue to pay, ransomware will continue to be a problem. While the decision on whether to pay is up to the victims themselves, users need to be aware that paying is risky.
The best option to recover files encrypted by Igdm ransomware is to restore them from a backup. If users have backups of the encrypted files, they can start their file recovery as soon as they remove Igdm ransomware from their computers. If the ransomware is still there when users access the backup, files stored in it may become encrypted as well.
If users don’t have backup, there is one possible option left. Malware researchers release free decryptors to help users recover files without paying the ransom. But while a free decryptor is available for older Djvu/STOP versions, it will not work for new versions (including this one) which use online keys to encrypt files. Because the keys are unique to each victim, a free decryptor cannot be developed until all the keys are released. It’s not unheard of for the cyber crooks themselves to release the keys, or law enforcement may do that if they are able to catch them. In the meantime, users should be careful of fake decryptors as they are likely to contain malware. If a legitimate one is released someday, it would likely be by Emsisoft, other anti-virus vendors or malware researchers. It would also be posted on NoMoreRansom.
Ransomware usually spreads via spam emails, torrents, malicious sites, etc. Users can usually avoid picking up an infection by simply being more careful when browsing. Many users have notoriously bad habits, which include carelessly opening email attachments from unknown senders, pirating copyrighted content via torrents, clicking on ads when on high-risk websites, not installing essential security updates, and not having adequate protection.
Spam emails are one of the most common ways users pick up ransomware. It’s enough to simply open an email attachment to initiate the ransomware. Fortunately, users can identify malspam pretty easily, as long as they know what to look for. Whenever users receive an unsolicited email with an attachment, the first thing they should check is the sender’s email address. A nonsense email address is an immediate sign that something is not right with the email. A further sign is grammar and spelling mistakes, which spam emails are always full of. Users will also notice that the emails put pressure on them to open the attached file by claiming it’s some kind of important file. Because not all malspam is obvious, it’s recommended to scan all unsolicited emails with anti-virus software or VirusTotal before opening them.
Users who torrent are also risking infecting their computers with malware. Torrent sites are usually quite dubious and not regulated adequately, which allows cyber crooks to easily hide malware in torrents for movies, episodes of TV shows, games, software, etc.
Installing updates on a regular basis, preferably as soon as they come out, is also a good idea. Updates patch known security vulnerabilities, which malware can otherwise use to get in.
What does the ransomware do?
When ransomware enters a computer, it will show a fake Windows Update window to distract users from the fact that their files are becoming encrypted. The ransomware will target personal files like photos, videos and documents. Once files are encrypted, they will have the .igdm extension, which is why the malware is known as Igdm ransomware. Users will not be able to open the encrypted files, at least until they are decrypted first. The ransom note _readme.txt that will be dropped in all folders containing encrypted files will explain how users can decrypt files. Getting the decryptor from the cyber crooks behind this ransomware involves paying either $980, or $490 if contact is made within the first 72 hours. The note also mentions that victims can send one file to be decrypted for free, provided it does not contain any personal or important information.
We already mentioned that we don’t recommend paying the ransom. Victims should keep in mind that they are dealing with cyber criminals who are not obligated to help users recover files. They can just take the money without sending the decryptor. It has happened many times in the past, and it will happen again many times in the future. Furthermore, the reason ransomware is still such a big threat is because victims continue to pay the ransom, making it profitable for cyber criminals to continue.
Here is the ransom note dropped by Igdm ransomware:
Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Your personal ID:
Igdm ransomware removal
Users have to use anti-malware software to delete Igdm ransomware because this is a complex infection. Once the ransomware is no longer present, users can access their backup to recover files. However, it should be mentioned that encrypted files are not decrypted just because the ransomware is removed.
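Before restoring from backup, it helps to know which folders were hit. The following is an added example, not part of the original article: a read-only Python scan that inventories the two on-disk indicators described above, the .igdm extension and the _readme.txt note, and lists the original file names to restore. The function names are illustrative and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".igdm"      # extension the article says is appended to encrypted files
RANSOM_NOTE = "_readme.txt"  # note the article says is dropped in affected folders


def inventory(root):
    """Map each affected folder to its encrypted files (original names) and note presence."""
    report = {}
    # onerror: skip unreadable folders instead of aborting the whole scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        originals = sorted(
            name[: -len(ENCRYPTED_EXT)]
            for name in files
            # case-insensitive match; ignore a file named exactly ".igdm"
            if name.lower().endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT)
        )
        has_note = any(name.lower() == RANSOM_NOTE for name in files)
        if originals or has_note:
            report[os.path.relpath(dirpath, root)] = {"originals": originals, "note": has_note}
    return report


def restore_list(report):
    """Relative paths, under their pre-encryption names, to pull from backup."""
    return sorted(
        (Path(folder) / name).as_posix()
        for folder, info in report.items()
        for name in info["originals"]
    )


def build_sample_tree(base):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    for rel in ("docs/report.docx.igdm", "docs/_readme.txt", "docs/notes.txt",
                "pics/2020/cat.JPG.IGDM", "pics/2020/_readme.txt", "tools/setup.exe"):
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = inventory(tmp)
        for folder, info in sorted(found.items()):
            print(f"{folder}: {len(info['originals'])} encrypted, note={info['note']}")
        print("restore from backup:", restore_list(found))
```

Point `inventory()` at a real folder only after the ransomware has been removed; the scan reads directory listings and does not modify or delete anything.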
Igdm ransomware is detected as:
- Gen:Variant.Midie.77411 by BitDefender
- Trojan:Win32/Glupteba!ml by Microsoft
- ML.Attribute.HighConfidence by Symantec
- Artemis!86E8A27AB9B9 by McAfee
- Trojan.MalPack.GS by Malwarebytes
- A Variant Of Win32/Kryptik.HICD by ESET
- Gen:Variant.Midie.77411 (B) by Emsisoft
- UDS:DangerousObject.Multi.Generic by Kaspersky