Earth Grass Ransomware

While conducting a thorough examination aimed at identifying potential malware threats, a group of researchers recently came across a new strain of ransomware known as the EARTH GRASS. This threatening software operates by encrypting files and subsequently appending a distinctive '.34r7hGr455' extension to the filenames of the affected files. In addition to this file encryption, the Earth Grass goes further by altering the desktop wallpaper on the victim's computer and depositing a 'Read ME (Decryptor).txt' file, which serves as a ransom note.

To illustrate how the Earth Grass manipulates filenames, consider the following example: if the ransomware encounters a file named '1.jpg,' it will transform it into '1.jpg.34r7hGr455,' and similarly, a file labeled '2.png' will be changed to '2.png.34r7hGr455,' and so on. It's important to note that the Earth Grass is a variant of the previously known ransomware strain, WORLD GRASS, making it an evolution of an existing threat.

The Earth Grass Ransomware Can Cause Significant Damage

The ransom note serves as a message from the cybercriminals, explaining the situation. It discloses that the victim's files have been subjected to encryption, a consequence of a security vulnerability detected on their computer systems. Within this note, detailed instructions are provided, urging the victim to make a payment of $200 in XMR (Monero) cryptocurrency, which is to be sent to a specified cryptocurrency address. Additionally, the note includes directions for victims to establish contact with the perpetrators via the email address provided, namely earthgrass1@protonmail.com, where they are expected to share proof of payment and essential computer details.

A crucial element of the ransom note is a stern caution against any attempts to rename the encrypted files or undertake decryption using third-party software. Such actions are forewarned due to the risk of incurring permanent data loss. The note further emphasizes that seeking third-party assistance for decryption may result in a higher ransom demand and highlights the presence of potential scams in these circumstances.

It is strongly advised against complying with the ransom demands, as there is no guarantee that the promised decryption tools will be provided by the attackers. Moreover, a critical point is raised about the necessity of promptly removing the ransomware from compromised systems. This action is imperative to mitigate the risk of the infection spreading to other computers on the same network, which could lead to additional data encryption and further adverse consequences.

Ensure the Safety of Your Devices and Data through a Comprehensive Security Approach

To fortify one's data and devices against the looming threat of ransomware attacks, it is imperative to establish a comprehensive array of security measures. Below are some of the most effective best practices that users can adopt to bolster their defenses against ransomware:

• Regular Data Backups: Consistently backing up all critical data to offline or cloud-based storage solutions is an essential safeguard. This practice guarantees that, even in the event of data compromise, files can be restored from a clean backup, mitigating the impact of a ransomware attack.
•  Keep Software Updated: Timely installation of software updates is crucial. This includes updates for operating systems, applications, and security patches. These updates often contain vital security fixes that address vulnerabilities exploited by ransomware, making it imperative to keep systems up to date.
•  Exercise Caution with Emails: Handling email attachments and links with caution is fundamental. Try not to open attachments or click on links from sources that are unfamiliar or appear suspicious. It is essential to verify the authenticity of emails before interacting with any embedded content to diminish the risk of falling victim to phishing attacks.
•  Utilize Anti-Malware Software: Equipping all devices with reputable anti-malware software is an integral step. Regularly updating this software ensures the effective detection and blocking of ransomware threats, serving as a significant line of defense against potential infections.
•  Exercise Safe Browsing Habits: Safe browsing practices include visiting only trusted websites and steering clear of suspicious links or downloads from unverified sources. Browser extensions that block malicious content and provide a safe online environment can be invaluable in protecting against ransomware attacks.
•  Stay Informed and Educated: Remaining well-informed about the latest ransomware trends, attack techniques, and preventive measures is key to maintaining a robust defense. Consistent education and training on cybersecurity best practices are vital for both individuals and organizations.

By diligently adhering to these security measures, users can significantly augment their protection against ransomware attacks, thereby reducing the potential for data loss and financial harm. It's important to keep in mind that the threat landscape is constantly evolving, so ongoing review and adaptation of security practices are essential to staying one step ahead of cybercriminals.

The full text of the Earth Grass Ransomware's ransom note to the victims is:

'Earth Grass

YOUR FILES ARE ENCRYPTED
#EarthGress

All your files have been encrypted due to a security problem with your PC.
If you want to restore them do this work,

Send 200$ XMR On this Address :-
XMR Address = 419DpJAWr6NCVT2oAnWieozQPsRK7Bj83r4YHVioTaR q7RxYjt19DpJAWr6NCVT2oAnWieozQPsRK7Bj83r4GppvSd2VkMQ

After Sending The Funds Write us to the e-mail :-
Email Address = earthgrass1@protonmail.com
(With The Transection Screenshot And Transection Details And Your Computer Details.)

Attention

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files of the help of third parties may cause increased price(they add their fee to our) or you can become a victim of a scam.'

The ransom note delivered via the desktop background image is:

'EARTH GRASS

!! Your Files Are Encrypted !!

If you want to restore your files write us to the e-mail: -
earthgress!@protonmail.com

Price = 200$

XMR (Monero) = 43xokDZzu8TZgYgQscXST5P3eM4UMcdty87YHVioTaRq7RxYj t1ZSUXUeRrjsdrbZs6h3oMKkNwD7PMD3tm9GppvSd2VkMQ'