
Secles Ransomware

Secles is a ransomware threat identified by cybersecurity researchers. Ransomware threats are specifically crafted to encrypt files, with the intention of extorting ransom payments from the affected victims in exchange for the supposed decryption of their files.

Once activated on a compromised system, the Secles Ransomware encrypts a diverse array of file types. It also renames each file by appending a unique ID assigned to the victim, the Telegram username of the cybercriminals, and a '.secles' extension. To illustrate, a file originally named '1.png' would be transformed into '1.jpg.id[DYz7jzMo].[t.me_secles1bot].secles'. After completing the encryption process, the Secles Ransomware places a ransom note titled 'ReadMe.txt' on the affected system.
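For incident scoping, the renaming scheme described above can be matched against a file listing to recover original names, the victim ID and the contact handle. This is an added example, not part of the original write-up; the pattern is derived from the single renamed-file example on the page, and the sample paths, function names and the assumption that the bracketed fields contain no ']' are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Built from the single renamed-file example on the page:
#   <original name>.id[<victim ID>].[<Telegram handle>].secles
# Assumption: neither bracketed field contains a ']' character.
SECLES_NAME = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[^\]]+)\]"
    r"\.\[(?P<contact>[^\]]+)\]\.secles$",
    re.IGNORECASE,
)

def parse_secles_name(path):
    """Return (original_name, victim_id, contact), or None if no match."""
    m = SECLES_NAME.match(PureWindowsPath(path).name)
    return (m["original"], m["victim_id"], m["contact"]) if m else None

def triage(paths):
    """Summarise a file listing for incident scoping."""
    encrypted, ids, dirs, readmes = [], Counter(), Counter(), []
    for p in paths:
        wp = PureWindowsPath(p)
        parsed = parse_secles_name(p)
        if parsed:
            original, victim_id, contact = parsed
            encrypted.append((str(wp.parent / original), victim_id, contact))
            ids[victim_id] += 1
            dirs[str(wp.parent)] += 1
        elif wp.name.lower() == "readme.txt":
            readmes.append(wp)
    # 'ReadMe.txt' is a common name, so only report copies that sit
    # next to at least one renamed file.
    notes = [str(n) for n in readmes if dirs[str(n.parent)]]
    return {"encrypted": encrypted, "ids": ids, "dirs": dirs, "notes": notes}

# Constructed sample listing (not real telemetry); the first file name
# is the example given on the page.
SAMPLE = [
    r"C:\Users\alice\Pictures\1.jpg.id[DYz7jzMo].[t.me_secles1bot].secles",
    r"C:\Users\alice\Documents\budget.xlsx.id[DYz7jzMo].[t.me_secles1bot].secles",
    r"C:\Users\alice\Documents\ReadMe.txt",
    r"C:\Users\alice\Documents\notes.secles.txt",
    r"C:\Projects\tool\ReadMe.txt",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for original, victim_id, contact in report["encrypted"]:
        print(f"{original}  id={victim_id}  contact={contact}")
    print("ransom notes:", report["notes"])
```

The per-directory counts in `dirs` show where encryption reached, which helps decide which backups to restore first.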

The Victims of the Secles Ransomware Have Their Files Taken Hostage

The ransom note associated with the Secles Ransomware urges victims to communicate with the attackers to initiate the restoration (decryption) of their encrypted data. If the provided contact information proves to be inaccessible, victims are directed to explore alternative communication channels via the linked Tor network website. Decryption is contingent upon meeting the ransom demands, but before complying, victims have the option to test the recovery process on two encrypted files. The message explicitly cautions against altering or deleting the affected data, as such actions may impede the decryption process or make it entirely impossible. Researchers stress that decryption typically requires the direct involvement of cybercriminals.

Even after paying the ransom, victims often find themselves without the necessary decryption keys or tools. Paying is therefore strongly discouraged, as there is no guarantee of file recovery, and succumbing to the criminals' demands only perpetuates their illicit activities.

Removing the Secles Ransomware from the operating system is crucial to prevent further data encryption. However, it is important to note that the removal process does not automatically restore previously compromised files.

Adopt a Comprehensive Security Approach to Prevent Ransomware Infections

To effectively prevent ransomware infections, users should adopt a comprehensive security approach that encompasses various proactive measures and best practices. Here's a guide on how to achieve this:

  • Regular Backups: Regularly back up important data to an external and secure location. This ensures that even if your computer is compromised, you can restore your files without succumbing to ransom demands.
  • Update Software and Systems: Keep operating systems, security software, and all applications updated. Updates often include security patches that address vulnerabilities exploited by ransomware.
  • Use Reliable Security Software: Install reputable anti-malware software. Ensure that it provides real-time protection, automatic updates, and features to detect and block ransomware threats.
  • Email Security: Exercise caution with email attachments and links. Avoid opening emails from unknown senders, and be wary of unexpected attachments or links, as these can be vehicles for ransomware delivery.
  • Educate and Train Users: Train employees and users on safe online practices. Make them aware of the risks associated with downloading attachments, clicking on links and visiting suspicious websites.
  • Restrict User Privileges: Limit user access rights to the minimum necessary for their roles. This can prevent ransomware from spreading laterally across the network in case of an infection.
  • Multi-Factor Authentication (MFA): Enable multi-factor authentication wherever possible. This will add an extra layer of security, making it more laborious for unauthorized users to gain access.

By incorporating these measures into their cybersecurity strategy, users can reduce the risk of falling victim to ransomware attacks significantly and enhance the overall security posture of their systems and data.

The ransom note left to the victims of Secles Ransomware is:

'to recover your data install telgram messanger at @seclesbot ( hxxps://t.me/secleslbot ) you will talk with support using the bot , admin will be monitoring if for any reason bot is not avaiable you can find link and id of new bot at our onion site 2kksm7oobarkoedfnkihgsa2qdvfgwvr4p4furcsopummgs5y37s6bid.onion you will need to install for browser for onion sites ( hxxps://www.torproject.org/download/ ) you dont need to install for if our telegram bot is working, the bot gets banned once a while

you id is :

you will get two sample decryption (decoding) before any payment for free this is strong ransomware, any day you waste without paying is one business day you waste our price is reasonable,the wasted days will cost you more

some notes:
1-although illegal and bad but this is business,you are our client after infection and we will treat you respectfully like a client

2-do not delete files at c:\secles , if you want to reinstall windwos take a backup of the folder (dont waste time trying to get anything out of them ,they are encrypted with out public key and cant be read without our private keys)

3-do not play with encrypted file, take a backup if you want to waste some time playing with them

4-if you take a middleman do deal with us directly , take one with good reputation ,we always provide decryptor after payment and only ask for one payment , if you take a random middle man from internet he may take you money and not pay as and disappear or lie to you

5-police can't help you , we are excpericed hackers and we don't leave footprints behind , even if we did police wont risk ther million dollar worth zero day exploits for catching us, instead what they do get sure of is you never pay us and you suffer loss your data

6-if some of your files don't have our extention but do not open ,they are encrypted all other files and will decrypt normally ,they just have not been renamed to get our extension'
