
ALBASA Ransomware

Cybercriminals are targeting corporate entities with a powerful ransomware threat named the ALBASA Ransomware. The hackers use a double-extortion scheme to push their victims into meeting their demands and paying a hefty ransom. As a result of the ALBASA Ransomware attack, victims will no longer be able to access the files stored on the breached machines. Any documents, PDFs, spreadsheets, databases, archives, etc., will be rendered completely unusable.

Each locked file will have '.ALBASA' appended to its original name as a new extension. When the threat has completed the encryption of all targeted file types, it will create a ransom note on the infected system with instructions for the victim. This ransom-demanding message is contained inside a text file named 'RESTORE_FILES_INFO.txt'.

Ransom Note's Overview

According to their ransom message, apart from locking the victim's files, the cybercriminals have also exfiltrated numerous private files with sensitive data, such as contracts, financial documents, customer data, various databases and more. The impacted organizations are given 3 days to establish contact and meet the demands of the attackers, or their data will be released to the public.

The hackers state that after the three days are over, they will start leaking information via their Twitter account. The only communication channel mentioned in the note is qTOX. Victims are also directed to specify the extension of their encrypted data ('.ALBASA' in this case). The final line in the note shows the total number of locked files.

The full text of ALBASA Ransomware's instructions is:

'------------------

| What happened? |

------------------

Your network was ATTACKED, your computers and servers were LOCKED,

Your private data was DOWNLOADED:

 - Contracts

 - Customers data

 - Finance

 - HR

 - Databases

 - And more other...

----------------------

| What does it mean? |

----------------------

It means that soon mass media, your partners and clients WILL KNOW about your PROBLEM.

--------------------------

| How it can be avoided? |

--------------------------

In order to avoid this issue,

you are to COME IN TOUCH WITH US no later than within 3 DAYS and conclude the data recovery and breach fixing AGREEMENT.

-------------------------------------------

| What if I do not contact you in 3 days? |

-------------------------------------------

If you do not contact us in the next 3 DAYS we will begin DATA publication.

We will post information about hacking of your company on our twitter hxxps://twitter.com/RobinHoodLeaks or hxxps://www.gettr.com/user/robinhoodleaks

ALL CLINTS WILL LEARN ABOUT YOUR HACKING AND LEAKAGE OF DATA!!! YOUR COMPANY'S REPUTATION WILL BE HURTLY DAMAGED!

-----------------------------

| I can handle it by myself |

-----------------------------

It is your RIGHT, but in this case all your data will be published for public USAGE.

-------------------------------

| I do not fear your threats! |

-------------------------------

That is not the threat, but the algorithm of our actions.

If you have hundreds of millions of UNWANTED dollars, there is nothing to FEAR for you.

That is the EXACT AMOUNT of money you will spend for recovery and payouts because of PUBLICATION.

You are exposing yourself to huge penalties with lawsuits and government if we both don't find an agreement.

We have seen it before cases with multi million costs in fines and lawsuits,

not to mention the company reputation and losing clients trust and the medias calling non-stop for answers.

--------------------------

| You have convinced me! |

--------------------------

Then you need to CONTACT US, there is few ways to DO that.

           ---Secure method---

   a) Download a qTOX client: hxxps://tox.chat/download.html

   b) Install the qTOX client and register account

   c) Add our qTOX ID: -

   d) Write us extension of your encrypted files .ALBASA

Our LIVE SUPPORT is ready to ASSIST YOU on this chat.

----------------------------------------

| What will I get in case of agreement |

----------------------------------------

You WILL GET full DECRYPTION of your machines in the network, DELETION your data from our servers,

RECOMMENDATIONS for securing your network perimeter.

And the FULL CONFIDENTIALITY ABOUT INCIDENT.

----------------------------------------------------------------------------------

Number of files that were processed is:'
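The following triage script is an added example, not part of the original page or of any vendor tool. It walks a directory tree for the two host indicators described above, the '.ALBASA' extension and the 'RESTORE_FILES_INFO.txt' note, and reads the file count from the note's final line so responders can compare it with what they find on disk. The decimal number after the colon and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

LOCKED_EXT = ".albasa"                # extension named on the page, matched case-insensitively
NOTE_NAME = "restore_files_info.txt"  # ransom note file name named on the page
# Assumption: the note's final line ends with a decimal count after the colon.
COUNT_RE = re.compile(r"Number of files that were processed is:\s*(\d+)")

def triage(root):
    """Collect locked files, ransom notes and the count claimed in the note."""
    locked, notes, claimed = [], [], None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(LOCKED_EXT):
                locked.append(path)
            elif lower == NOTE_NAME:
                notes.append(path)
                try:
                    with open(path, "r", errors="replace") as fh:
                        match = COUNT_RE.search(fh.read(65536))
                except OSError:
                    match = None  # unreadable note: still reported, count unknown
                if match:
                    claimed = max(claimed or 0, int(match.group(1)))
    # Stripping the appended extension gives the names to look for in backups.
    originals = sorted(os.path.basename(p)[:-len(LOCKED_EXT)] for p in locked)
    return {"locked": sorted(locked), "notes": sorted(notes),
            "claimed_count": claimed, "original_names": originals}

def build_sample(root):
    """Constructed sample tree for the demo (not real incident data)."""
    os.makedirs(os.path.join(root, "finance"))
    for rel in ("report.pdf.ALBASA", "finance/q1.xlsx.ALBASA", "finance/readme.md"):
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write("x")
    with open(os.path.join(root, "RESTORE_FILES_INFO.txt"), "w") as fh:
        fh.write("...\nNumber of files that were processed is: 2\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

A claimed count higher than the number of locked files found under the scanned root suggests that other volumes or shares still need to be checked.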
