
Z61yt Ransomware

By CagedTech in Ransomware

Users' data is under threat from another ransomware. Tracked by cybersecurity researchers as the Z61yt Ransomware, the malware scans infected systems and locks most of the files stored there. Impacted users will lose the ability to access any of the encrypted files and restoration without having the necessary decryption keys is practically impossible. The threat actors' aim is to leverage the locked data and extort their victims for money. It should be noted that the Z61yt Ransomware is a variant of the Hive Ransomware threat.

As part of its intrusive actions, the Z61yt Ransomware also modifies the original names of the encrypted files. The threat first generates a unique character string that acts as the identifier of the breached device. This string is appended to the name of each encrypted file on the system. In addition, the locked data has '.z61yt' added as a new file extension. A ransom note with instructions is delivered to the breached system as a text file named '1uZ5_HOW_TO_DECRYPT.txt'.

Reading the ransom-demanding message of the threat actors reveals that they operate using a double-extortion scheme. Apart from encrypting files, the cybercriminals also collect important or confidential data from the victim's device. If their demands are not met, the hackers threaten to publish the collected data on a dedicated leak website hosted on the Tor network. Another Tor website is left as a communication channel.

The entire set of instructions left by Z61yt Ransomware is:

'Your network has been breached and all data were encrypted.
Personal data, financial reports and important documents are ready to disclose.

To decrypt all the data and to prevent exfiltrated files to be disclosed at
hxxp://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
you will need to purchase our decryption software.

Please contact our sales department at:

hxxp://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/

Login:
Password:

To get an access to .onion websites download and install Tor Browser at:
hxxps://www.torproject.org/ (Tor Browser is not related to us)

Follow the guidelines below to avoid losing your data:

  • Do not modify, rename or delete *.key.z61yt files. Your data will be
    undecryptable.
  • Do not modify or rename encrypted files. You will lose them.
  • Do not report to the Police, FBI, etc. They don't care about your business.
    They simply won't allow you to pay. As a result you will lose everything.
  • Do not hire a recovery company. They can't decrypt without the key.
    They also don't care about your business. They believe that they are
    good negotiators, but it is not. They usually fail. So speak for yourself.
  • Do not reject to purchase. Exfiltrated files will be publicly disclosed.'
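
The file-name indicators described above (the '.z61yt' extension, the ransom note name, and the '*.key.z61yt' files mentioned in the note) can be checked against a file listing exported from a host or file share. The following is an added example, not code from the original article; the function names, the sample paths and the 'EXAMPLEID' placeholder are constructed for illustration.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Indicators taken from the article text and the quoted ransom note (lower-cased).
NOTE_NAME = "1uz5_how_to_decrypt.txt"
KEY_SUFFIX = ".key.z61yt"
ENC_SUFFIX = ".z61yt"


def classify(path):
    """Return the indicator class of one path, or None if nothing matches."""
    name = PureWindowsPath(path).name.lower()  # accepts both \ and / separators
    if name == NOTE_NAME:
        return "ransom_note"
    if name.endswith(KEY_SUFFIX):  # checked first: key files share the extension
        return "key_file"
    if name.endswith(ENC_SUFFIX):
        return "encrypted_file"
    return None


def triage(paths):
    """Summarise a listing: hit counts, affected directories, key files to preserve."""
    counts, per_dir, key_files = Counter(), Counter(), []
    for path in paths:
        kind = classify(path)
        if kind is None:
            continue
        counts[kind] += 1
        per_dir[str(PureWindowsPath(path).parent)] += 1
        if kind == "key_file":
            key_files.append(path)
    return {
        "counts": dict(counts),
        "directories": per_dir.most_common(),  # most affected directory first
        "preserve": key_files,
        # A note alone may be a stray copy; note plus renamed files means encryption ran.
        "encryption_observed": counts["ransom_note"] > 0 and counts["encrypted_file"] > 0,
    }


# Constructed sample listing; EXAMPLEID is a placeholder, not a real device string.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.EXAMPLEID.z61yt",
    r"C:\Users\alice\Documents\1uZ5_HOW_TO_DECRYPT.txt",
    r"C:\EXAMPLEID.key.z61yt",
    r"C:\Users\alice\Pictures\cat.png",
    "/srv/share/report.pdf.EXAMPLEID.z61yt",
]
```

Calling `triage(SAMPLE)` returns the counts per indicator class, the directories ordered by number of hits, and the key files that the ransom note says must not be modified, so they can be preserved with the rest of the evidence.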
