.ADAME File Extension
File Type: Adame Ransomware Encrypted File
What is an ADAME file?
A file with an .adame extension is a file that has been encrypted by the Adame virus, which is a variant of Phobos ransomware that became prevalent in early 2019. Because the file's contents are encrypted, it cannot be opened by simply changing the .adame file extension.
Adame is a type of malware utilized by cybercriminals that takes a user's files hostage and forces him to pay the perpetrator to unlock the files. It is most often introduced to a victim's computer through spam emails with malicious file attachments that contain macros and are downloaded and run by unsuspecting users. The virus may also be introduced when a user clicks on malicious online advertisements or downloads malicious files from torrent websites.
When the ransomware runs on a user's computer, it encrypts files on the computer and adds the .adame extension onto the names of the files. The targeted files are typically documents, images, videos, and backup files, such as .PDF, .PNG, .MP4, and .DB files. For example, a picture.png file becomes picture.png.adame.
The virus then generates an info.hta and an info.txt file on the desktop of the user's computer. The info.hta file contains an HTML program that displays a pop-up window explaining the hostile takeover of the user's files. The info.txt file is the plain text version of the HTML program. The information in the two files includes an explanation of what occurred on the computer, the encryption used on the files, and how the user can recover his files by paying a ransom.
Currently, there are several options for removing the Adame virus, including Malwarebytes Premium software. However, there is no program available to effectively restore infected files. If the user has a recent backup of his files, he can perform a system restore to remove the virus, but any changes made to files after the backup was made will be lost.
example.docx.id[1K748H90-3283].[email@example.com].Adame - Example of an ADAME file with the ID assigned to the victim and email address of the virus developer appended onto the file extension.
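For incident triage, the two naming patterns described above (picture.png.adame and the longer form with the victim ID and contact address) can be parsed from a file listing to recover original names and scope the damage. This is an added example, not code from the original page; the function names are hypothetical, the sample listing is constructed, and it assumes the patterns are exactly as shown on this page.

```python
import re
from collections import Counter
from pathlib import PurePath

# Long form shown on the page: <original>.id[<ID>].[<contact>].Adame
LONG_FORM = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[^\]]+)\]\.\[(?P<contact>[^\]]+)\]\.adame$", re.I)
# Short form shown on the page: <original>.adame
SHORT_FORM = re.compile(r"^(?P<original>.+)\.adame$", re.I)
NOTE_NAMES = {"info.hta", "info.txt"}  # ransom note names given on the page


def parse_adame_name(path):
    """Return original name, victim ID and contact for a renamed file, else None."""
    name = PurePath(path).name
    m = LONG_FORM.match(name) or SHORT_FORM.match(name)
    if not m:
        return None
    fields = m.groupdict()  # short form has no victim_id/contact groups
    return {
        "path": str(path),
        "original": fields["original"],
        "victim_id": fields.get("victim_id"),
        "contact": fields.get("contact"),
    }


def triage(paths):
    """Summarise a listing: renamed files, ransom notes, affected file types, IDs."""
    hits = [h for h in map(parse_adame_name, paths) if h]
    notes = [p for p in paths if PurePath(p).name.lower() in NOTE_NAMES]
    by_type = Counter(PurePath(h["original"]).suffix.lower() for h in hits)
    ids = sorted({h["victim_id"] for h in hits if h["victim_id"]})
    return {"encrypted": hits, "notes": notes, "by_type": dict(by_type), "victim_ids": ids}


# Constructed sample listing (forward-slash paths; not from a real incident)
SAMPLE = [
    "C:/Users/a/Documents/example.docx.id[1K748H90-3283].[email@example.com].Adame",
    "C:/Users/a/Pictures/picture.png.adame",
    "C:/Users/a/Desktop/info.hta",
    "C:/Users/a/Desktop/info.txt",
    "C:/Users/a/Documents/notes.txt",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(len(report["encrypted"]), report["by_type"], report["victim_ids"], report["notes"])
```

A file named info.txt is common on its own, so treat the note names as corroborating evidence only when they appear alongside renamed files.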