A new variant of ransomware has been reported by some of our clients.
All data files (php, htm, txt, zip) are encrypted and have been renamed by adding a 10-letter file extension that looks random – like this:
snips.txt.wxdrJbgSDa
Web.config.nUZPveYgIp
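The renaming pattern above can be used to triage a file listing and see which folders were hit. This is an added example, not code from the original post; the mixed-case check and the sample paths are assumptions, and only the two encrypted file names are taken from the page.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# <original name with its own extension> + "." + exactly 10 ASCII letters
PATTERN = re.compile(r"^(?P<original>.+\.[A-Za-z0-9]{1,10})\.(?P<suffix>[A-Za-z]{10})$")


def original_name(filename):
    """Return the pre-encryption name if filename fits the pattern, else None."""
    m = PATTERN.match(filename)
    if m is None:
        return None
    suffix = m.group("suffix")
    # Assumption drawn from the two samples: the suffix mixes upper and lower
    # case. This skips ordinary 10-letter extensions such as ".javascript".
    if suffix.islower() or suffix.isupper():
        return None
    return m.group("original")


def triage(paths):
    """Group matching files by folder: {folder: [(encrypted, original), ...]}."""
    hits = defaultdict(list)
    for path in map(PurePosixPath, paths):
        original = original_name(path.name)
        if original is not None:
            hits[str(path.parent)].append((path.name, original))
    return dict(hits)


# Constructed file listing; only the two encrypted file names come from the page.
SAMPLE_LISTING = [
    "/var/www/site/snips.txt.wxdrJbgSDa",
    "/var/www/site/Web.config.nUZPveYgIp",
    "/var/www/site/index.php",
    "/var/www/site/js/bundle.min.javascript",
    "/var/www/backup/archive.tar.gz",
]

if __name__ == "__main__":
    for folder, files in triage(SAMPLE_LISTING).items():
        print(folder)
        for encrypted, original in files:
            print(f"  {encrypted}  (was {original})")
```

Feed it the output of a recursive file listing from the affected host; folders that appear in the result are the ones to check for the ransom note and to restore from backup.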
The ransom note left in every folder reads like this:
————————————————————————-
Files on your computer are encrypted.
Algorithm: ecc-secp192r1 & aes-ecb-256
To decrypt your files, please contact us using one of these e-mail addresses:
xxxx@secmail.pro
xxxx@scryptmail.com
xxxxx@countermail.com
Please include the following text in your message:
zMp9IPExgXlvg27MFOlQrOIssoqd/gUr5SiB5zhpbDt8TmZhBwkxrfJE6pI4eBWbQF27lVL9XlCbfSqA
…. and 5 more lines of random text/key like that
On closer malware analysis
The criminals demand $2100 for the decoder.
If you have been infected with this ransomware, contact our technical team for further help.