
Readers beware! The .Aesir Virus File Ransomware is becoming one of the biggest threats to your online security. We have recently become aware of a change in the behavioral patterns of one of the most infamous cyber threats. It would appear that the all-too-well-known Locky ransomware virus has changed its format. Victims are now seeing their encrypted files with an extension different from the ones we all know.

The former .locky / .odin / .shit / .thor extension has been substituted by the latest alteration – .aesir. The name of the ransom note that the criminals plant on your desktop, once the malware has finished up with its dirty business, has also been altered. The title now reads _[number]-INSTRUCTION.html.

Some other more recent members of the Locky ransomware family have also paid tribute to Norse mythology by using the extensions .odin and .thor, respectively. Aesir (the word for multiple Gods in Old Norse) seems to be the latest of the eerie tributes. However, regardless of the file extension it uses, this is still the Locky virus. It is thus an extremely dangerous and hazardous encounter.
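A triage check built from the indicators named above, added here as an example and not taken from the original article: it walks a directory tree and reports which folders contain files with a Locky extension or a ransom note named like `_[number]-INSTRUCTION.html`. It assumes that `[number]` is one or more decimal digits and that names should be matched case-insensitively; the sample file names are constructed.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Extensions the article attributes to Locky variants.
LOCKY_EXTENSIONS = {".locky", ".odin", ".shit", ".thor", ".aesir"}
# Ransom note name from the article: _[number]-INSTRUCTION.html.
# Assumption: [number] is one or more decimal digits.
NOTE_PATTERN = re.compile(r"^_\d+-INSTRUCTION\.html$", re.IGNORECASE)


def triage(root):
    """Walk root and group Locky indicators by directory.

    Returns {directory: {"encrypted": [names], "notes": [names]}} for every
    directory holding at least one indicator.
    """
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file():
                continue
        except OSError:
            continue  # unreadable entry; skip rather than abort the scan
        if NOTE_PATTERN.match(path.name):
            hits[str(path.parent)]["notes"].append(path.name)
        elif path.suffix.lower() in LOCKY_EXTENSIONS:
            hits[str(path.parent)]["encrypted"].append(path.name)
    return dict(hits)


def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "photos").mkdir()
    for name in ("docs/A1B2C3D4.aesir", "docs/E5F6A7B8.AESIR",
                 "docs/_5-INSTRUCTION.html", "docs/report.docx",
                 "photos/holiday.jpg", "photos/INSTRUCTION.html"):
        (root / name).touch()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for folder, found in sorted(triage(build_sample_tree(tmp)).items()):
            print(folder, len(found["encrypted"]), "encrypted,",
                  len(found["notes"]), "note(s)")
```

Folders that show a note together with renamed files mark where encryption ran, which helps scope which shares and backups need restoring.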

Another change that this updated version of the ransomware exhibits is an increased number of file types it affects, which makes it all the more harmful. Compared to the previous .Thor Virus that reached 400 file extensions, .Aesir Virus is now capable of targeting a whopping 456 file types!

As we are still only looking at a newer, improved version of the same malware, its distribution methods pretty much remain the same.

The most probable sources are still spam e-mails, especially those containing attached files. As we have concluded from earlier versions, WS and JS file formats seemed to be preferred among cyber criminals, so be extremely cautious around suspicious emails that contain these formats. If you happen to receive messages from unknown or suspicious sources, be sure to double check them before opening them. As for e-mail attachments, unless you are completely sure they are trustworthy, we wouldn’t recommend downloading them at all.

Leading security experts have over time determined that malvertisements are another popular source of infections. A random click on the wrong online ad can automatically download the ransomware onto your computer without you even realizing it. And as the encryption process runs just as silently, the likelihood of you intercepting it is slim to none.

Therefore, we urge readers to always be on the lookout for shady content when browsing the web. Avoid illegal, obscure, and otherwise untrustworthy sites, and be very cautious around suspicious online ads.

If you are a victim of an active infection, our advice is to try as many alternative options as possible before surrendering to any of the ransom demands.


About the Author: Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

  • Sruthi Inguva

    Try restoring your system to a date before the attack happened. This method helps in retrieving most of the encrypted files. Go to the Systems Restore option in your PC and perform restore to a date older than the attack date. This will work only if restore points have been created. If you have not created any, you should keep this in mind and start creating them every few weeks. Also, changes made to files after the restore point won’t be reflected in the recovered file version.