EMPg296LCK Ransomware
The EMPg296LCK Ransomware may have been classified as another variant from the MedusaLocker malware family, but that doesn't make it any less destructive. If activated on a breached device, EMPg296LCK will run an encryption process that will change most of the data stored there to a completely unusable state. Affected users will be prevented from accessing their documents, photos, archives, databases and other important file types. The goal of the attackers is to leverage the locked data and extort their victims for money.
Like most ransomware, the files affected by the threat will be marked by having a new file extension ('.EMPg296LCK') appended to their original names. In addition, the malware will create a new HTML file named '!HOW_RECOVERY_FILES!.HTML' on the device. The role of this file is to deliver a ransom note with the demands of the threat actors.
According to the message, all of the affected files can be restored by using the proper decryption keys and software tools. To receive additional instructions, the victims of the threat are directed towards messaging the two provided email addresses - 'assist1122@protonmail.com and 'assist112233@cock.li.' If the note can be believed, the attackers also are willing to unlock a single file for free. However, the chosen file must be less than 10MB in size.
The full text of the note is:
'Your files are encrypted!
What happened?
Your files are encrypted, and currently unavailable.
You can check it: all files on you computer has new expansion.
By the way, everything is possible to recover (restore), but you need to buy a unique decryptor.
Otherwise, you never cant return your data.For purchasing a decryptor contact us by email:
assist1122@protonmail.com
If you will get no answer within 24 hours contact us by our alternate emails:
assist112233@cock.liWhat guarantees?
Its just a business. If we do not do our work and liabilities - nobody will not cooperate with us.
To verify the possibility of the recovery of your files we can decrypted 1 file for free.
Attach 1 file to the letter (no more than 10Mb). Indicate your personal ID on the letter:Attention!
• Attempts of change files by yourself will result in a loose of data.
• Our e-mail can be blocked over time. Write now, loss of contact with us will result in a loose of data.
• Use any third party software for restoring your data or antivirus solutions will result in a loose of data.
• Decryptors of other users are unique and will not fit your files and use of those will result in a loose of data.
• If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. •Otherwise, they will fall into the open access of the Internet! Use any third party software for restoring your data or antivirus solutions will result in a loose of data.
• Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.
•Check the spam folder in the mail !!!'
