
aZaZeL Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 21
First Seen: June 23, 2017
Last Seen: May 14, 2020
OS(es) Affected: Windows

The aZaZeL Ransomware is an encryption ransomware Trojan that was first observed in mid-June of 2017. It carries out a typical ransomware attack: it encrypts the victim's files and demands the payment of a ransom in exchange for the decryption key needed to recover them. The attackers use an @india.com email address, 'azazel-bot@india.com,' for contact with their victims. The most common delivery method for the aZaZeL Ransomware is a corrupted email attachment, usually a Microsoft Word document whose macros or embedded scripts download and install the aZaZeL Ransomware on the victim's computer once the recipient allows them to run. Once it is running, the aZaZeL Ransomware encrypts the victim's data and then presents its ransom demand. It uses a strong encryption algorithm, so recovering the affected files without the attackers' key is not practical.

This Fallen Angel’s Target is Your Files

The aZaZeL Ransomware belongs to a larger family of ransomware, with several variants released around the same time. It does not, however, appear to be based on open source ransomware platforms such as HiddenTear or EDA2. The attackers responsible for the aZaZeL Ransomware are currently unknown, although most of the attacks seem to target countries in North America and Western Europe. In its attack, the aZaZeL Ransomware demands the payment of 0.1 Bitcoin (approximately $270 USD at the exchange rate at the time of writing; the '$46' figure printed in the ransom note itself is out of date and should not be relied on).

How the aZaZeL Ransomware may Infect a Computer

The whole purpose of the aZaZeL Ransomware attack is to make the victim's files inaccessible. To do this, the aZaZeL Ransomware encrypts them with a strong encryption algorithm and marks each affected file by appending the string '.Encrypted' to its name as a new extension (a file named 'report.docx', for example, becomes 'report.docx.Encrypted'). Once a file has been encrypted by the aZaZeL Ransomware, the victim's software and operating system can no longer open it, and the only way to recover it is with the decryption key, which the con artists keep in their possession. After encrypting the victim's files, the aZaZeL Ransomware displays a ransom note. The note carries a per-victim 'lock id', a hexadecimal value followed by a tag such as '[WIN_7]' that appears to record the victim's Windows version, which the victim is told to quote when contacting the attackers. The following is an example of a ransom note used by the aZaZeL Ransomware:

'***
Your files are encrypted!!!
***
Your documents,photos, databases & other important files have been encrypted with
strongest encryption & unique key, generated for this computer.
We offer you to purchase special application for recovery access to your encrypted
files. Getting the decryptor is the only opportunity not to loose your file from pc
forever.
===
Your lock id:
0x[redacted hex][WIN_7]VN:A
===
Without a decryption tool it is imposible to recover your files. So
keep your lock id very safe else you can never recover your files.
It will be better if you note it somewhere outside your pc on the paper.
***
To purchase the decryption tool follow these steps:
***
1.Register a Bitcoin(BTC) wallet at (www.blockchain.info/wallet/new)
(Properly note your Bitcoin wallet address and Identifier address which you require to login to your BTC wallet)
2.If you dont have Bitcoins, you can buy them at (www.coinmama.com)
Here are the detail steps which will help you to buy buitcoins
===
Step 1: Goto (www.coinmama.com/register) and register your account there using your email id.
Step 2: After you register an account, you need to Signup/Login to your coinmama account.
Step 3: Then Choose the amount of Bitcoin (0.1 BTC) you need to buy.
Step 4: Choose a method of payment. You need to select the one of the available methods of payment
(Recommended: Western union or Moneygram)
Step 5: Note the details given for money transfer(eg:account holder's name, address,etc)
Step 6: Deposit the given amount of money in Western union or Moneygram near your location to the given details.
Step 7: After you deposit the cash, you will receive a transfer receipt with important information (eg:MTCN number).
Step 8: Only then goto next step (i.e. Complete your order) to assure a successful transfer.
Step 9: Copy the exact information as stated on your transfer receipt in the form.
Step 10: Enter your Bitcoin wallet address properly in the form then update order.
Your order will be processed once your transfer clears in their account.
They will update you by email, moments after sending your Bitcoins.
===
Other site to buy Bitcoins (www.localBitcoins.com)
(First time Bitcoin buyers guide available at (https://en.Bitcoin.it/wiki/First-time_buyers_guide)
3.After you buy Bitcoins, transfer Bitcoins to the details given below
Account details:
===
# Amount to transfer: 0.1 BTC(approx.$46 US Dollars)
# Transfer to bitcoin address: 1MaBogxRSscjxsdcsEr6ymtkV9SdGLfuxf
**Check bitcoin address properly before payment**
===
Only after the payment
===
Mail us to receive the decryption tool
Mailing details:
===
# Mail to: azazel-bot@india.com
# Subject: Decryptor Request
# Message: Message us the following details:
1.Your lock id (see at the top)
2.Email id: Your email id in which you wish to receive the decryptor.
3.BTC address: Your bitcoin wallet address from which you have made the payment.
(You can also mail us to get a guide on How to buy Bitcoins)
===
Special Warning!!!
===
Donot try to rename or be oversmart with those encrypted files, else they cant be
decrypted back & you will loose them forever.
#Files EnCrYpTeD by aZaZeL'
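The two artifacts this write-up identifies, the '.Encrypted' marker extension and the '#Files EnCrYpTeD by aZaZeL' line that closes the note, are enough for a responder to scope an infection without the attackers' key. The Python script below is an added example and is not code from the original write-up or from the malware's authors. It walks a directory, counts marked files, finds ransom notes by that closing line, extracts the lock id, contact email, Bitcoin address and amount from each note using patterns derived from the note quoted above, and measures the byte entropy of the marked files to confirm they are actually ciphertext rather than merely renamed. The sample directory it builds is constructed for the demo; the lock id value in the embedded note excerpt is invented, while the email and Bitcoin address are the ones quoted in the note.

```python
"""Triage helper for an aZaZeL-style ransomware incident (added example).

Walks a directory, counts files carrying the '.Encrypted' marker extension,
locates ransom notes by their closing signature line, pulls out the indicators
an analyst would record (lock id, contact address, BTC address, amount) and
measures the byte entropy of the marked files. The sample tree is constructed
for the demo; the lock id in SAMPLE_NOTE is invented.
"""
import math
import os
import re
import tempfile
from collections import Counter

MARKER_EXT = ".Encrypted"                      # extension appended by aZaZeL
NOTE_SIGNATURE = "#Files EnCrYpTeD by aZaZeL"  # last line of the ransom note

# Field formats taken from the note: lock id is '0x<hex>[<OS tag>]<suffix>'.
LOCK_ID_RE = re.compile(r"^0x[0-9A-Fa-f]+\[[A-Z0-9_]+\]\S*", re.MULTILINE)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
# Legacy Bitcoin address: starts with 1 or 3, base58 alphabet (no 0, O, I, l).
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
AMOUNT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*BTC")

# Constructed excerpt of the note; the lock id value here is invented.
SAMPLE_NOTE = """***
Your files are encrypted!!!
***
Your lock id:
0xDEADBEEF0102[WIN_7]VN:A
===
# Amount to transfer: 0.1 BTC(approx.$46 US Dollars)
# Transfer to bitcoin address: 1MaBogxRSscjxsdcsEr6ymtkV9SdGLfuxf
# Mail to: azazel-bot@india.com
# Subject: Decryptor Request
#Files EnCrYpTeD by aZaZeL
"""


def extract_iocs(note_text):
    """Pull the recordable indicators out of a ransom note body."""
    lock = LOCK_ID_RE.search(note_text)
    amount = AMOUNT_RE.search(note_text)
    return {
        "lock_id": lock.group(0) if lock else None,
        "emails": sorted(set(EMAIL_RE.findall(note_text))),
        "btc_addresses": sorted(set(BTC_RE.findall(note_text))),
        "amount_btc": float(amount.group(1)) if amount else None,
        "signature_present": NOTE_SIGNATURE in note_text,
    }


def shannon_entropy(data):
    """Bits per byte: close to 8.0 for ciphertext, well below that for documents."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_encrypted_name(name):
    """True if the file carries the marker extension aZaZeL appends."""
    return name.endswith(MARKER_EXT)


def triage(root, sample_bytes=65536):
    """Walk a tree and summarise what aZaZeL left behind."""
    result = {"encrypted_files": 0, "notes": [], "iocs": [], "entropies": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_encrypted_name(name):
                result["encrypted_files"] += 1
                with open(path, "rb") as f:
                    result["entropies"].append(shannon_entropy(f.read(sample_bytes)))
                continue
            with open(path, "rb") as f:
                text = f.read(sample_bytes).decode("utf-8", "replace")
            if NOTE_SIGNATURE in text:
                result["notes"].append(path)
                result["iocs"].append(extract_iocs(text))
    return result


def build_sample_tree():
    """Constructed victim directory: two marked files, one note, one untouched file."""
    root = tempfile.mkdtemp(prefix="azazel_demo_")
    for victim in ("report.docx", "photo.jpg"):
        with open(os.path.join(root, victim + MARKER_EXT), "wb") as f:
            f.write(os.urandom(65536))  # random bytes stand in for ciphertext
    with open(os.path.join(root, "README.txt"), "w") as f:
        f.write(SAMPLE_NOTE)
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("quarterly figures\n" * 200)  # plain text, not encrypted
    return root


def demo():
    """Build the constructed tree, triage it and return the summary dict."""
    return triage(build_sample_tree())


if __name__ == "__main__":
    summary = demo()
    print("encrypted files:", summary["encrypted_files"])
    for ioc in summary["iocs"]:
        print(ioc)
    print("lowest entropy among marked files:", round(min(summary["entropies"]), 3))
```

Run it directly to triage the constructed tree, or call triage() on a real mount point. The entropy check is the part that matters in practice: a marked file whose content still has low entropy was renamed but not encrypted and may be recoverable by stripping the extension, while entropy near 8 bits per byte confirms the content itself has been replaced and the recorded lock id, address and payment details are what go into the incident record.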

Dealing with the aZaZeL Ransomware

The best protection against the aZaZeL Ransomware and similar threats is to keep backups of your files. Being able to restore your files from a backup undoes the aZaZeL Ransomware attack completely, since the con artists lose any leverage for demanding a ransom payment. The backup must be kept where the Trojan cannot reach it: a copy on a permanently connected drive or mapped network share can be encrypted along with everything else, so keep backups offline or versioned and verify that they restore. Backups, combined with a reliable and fully up-to-date security program and with Office macros left disabled for documents received by email, will stop most ransomware Trojans in their tracks.
