Threat Database Ransomware 1500dollars Ransomware

1500dollars Ransomware

The 1500dollars Ransomware is a potent crypto locker threat that has been classified as belonging to the Phobos malware family. As such, the 1500dollars Ransomware lacks any meaningful modification or improvements over the typical Phobos Ransomware threat. The two unique aspects of the threat are the hackers' preferred communication channels and the extension they have chosen to append to the files encrypted by the malware.

When the 1500dollars Ransomware encrypts a file, it changes the original filename drastically. A string of characters acting as the ID assigned to the specific victims will be appended. Then, the email address 'cleverhorse@protonmail.com' will be added. Finally, '.1500dollars' will be placed as a new extension. The 1500dollars Ransomware delivers two sets of instructions to its victims. The first one will be placed inside text files named 'info.txt' that are dropped in every folder containing encrypted files. The second ransom note will be displayed in a pop-up window.

The note inside the text consists almost entirely of instructions on how the user can establish contact with the hackers by sending a message to the provided Jabber account at 'cleverhorse@xmpp.jp.' If that fails, the email address 'cleverhorse@protonmail.com' can be used instead. The pop-up ransom note further clarifies that the ransom must be paid in Bitcoin, and the exact sum demanded by hackers will be determined based on the speed with which victims initiate contact. The criminals offer to decrypt up to 3 files that do not exceed 10MB for free.

The ransom note displayed in 1500dollars Ransomware's pop-up window states:

'All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail cleverhorse@protonmail.com

Write this ID in the title of your message -

If there is no response from our mail, you can install the Jabber client and write to us in support of cleverhorse@xmpp.jp

You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.

Free decryption as guarantee

Before paying you can send us up to 1-3 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

How to obtain Bitcoins

The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.

hxxps://localbitcoins.com/buy_bitcoins

Also you can find other places to buy Bitcoins and beginners guide here:

hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/

Jabber client installation instructions:

Download the jabber (Pidgin) client from hxxps://pidgin.im/download/windows/

After installation, the Pidgin client will prompt you to create a new account.

Click "Add"

In the "Protocol" field, select XMPP

In "Username" - come up with any name

In the field "domain" - enter any jabber-server, there are a lot of them, for example - exploit.im

Create a password

At the bottom, put a tick "Create account"

Click add

If you selected "domain" - exploit.im, then a new window should appear in which you will need to re-enter your data:

User

password

You will need to follow the link to the captcha (there you will see the characters that you need to enter in the field below)

If you don't understand our Pidgin client installation instructions, you can find many installation tutorials on youtube - hxxps://www.youtube.com/results?search_query=pidgin+jabber+install

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

 

The instructions found in the 'info.txt' files are:

'Want return your files?Write to our xmpp account - cleverhorse@xmpp.jp

The easiest way - register here hxxps://www.xmpp.jp/signup

After download pidgin client hxxps://pidgin.im/

Press Add account,choose protocol xmpp and put username from xmpp.jp where are you sign up

Domain - xmpp.jp

Put your password and press add

When you log in press Buddies --> Add Buddy-->and in Buddys username put cleverhorse xmpp.jp

After you will see added account cleverhorse@xmpp.jp,click twice on it and write your message

You can send us 1-3 test files. The total size of files must be less than 10Mb (non archived),

we will decrypt them and send to you that we are real

If you have a problem with xmpp you can write to our mail cleverhorse@protonmail.com.'

Ransom Note Analysis

The pop-up ransom note, which goes into more detail, explains the situation to victims. The message says that all files on the computer are encrypted due to security issues. The note includes contact information for the attackers, including an email address and a Jabber ID (cleverhorse@protonmail.com/cleverhorse@xmpp.jp).

The cybercriminals offer to decrypt up to three small non-essential files as a gesture of good faith that their decryption tool works. This offer instills a false sense of security in victims and encourages them to pay the ransom. The attackers assign each victim with a unique ID to keep track of who is contacting them.

The rest of this message includes instructions on how victims can buy bitcoin cryptocurrency, which is the preferred payment method for cyber crooks. The note also contains detailed instructions on how to use and install Jabber to talk to the attackers. Lastly, the cybercriminals warn that attempting to rename files or use third-party software to recovery them could cause permanent data loss.

The shorter text file includes instructions on how to install and use Jabber on mobile phones and computers. By all accounts, Jabber appears to be the preferred method of contact for these attackers.

Should Victims Contact 1500Dollars Ransomware Developers?

Contacting the attackers seems like the most straightforward choice in this situation. However, security experts and the FBI recommend you don’t do that. Paying the ransom fuels further illegal activities by these criminals. They become emboldened to continue attacking other people and develop more sophisticated malware programs.

Instead, experts encourage victims to focus on removing the virus and restoring their files. Removing the virus won’t undo the file encryption, but it does prevent further problems. You don’t want to restore your files only to have them encrypted again. Use an external or cloud-based backup to get your data back and get on with your day.

How Does 1500Dollar Ransomware Infect Computers?

1500Dollar ransomware primarily spreads through spam emails, software and operating system vulnerabilities, and malicious third-party programs.

Hackers send emails by the thousands to potential targets. The emails have fake header information to trick users into thinking it comes from a legitimate source, such as DHL or FedEx. These spam emails tell you the company attempted to make a delivery. They could also be disguised as shipping notifications for a package you’ve sent. Either way, readers are tempted to click the link or download the attached file to learn more. This interaction is all it takes to put a computer virus on your system.

Researchers have also seen 1500Dollars ransomware exploiting vulnerabilities in software programs and computer operating systems. Please take the time to update your computer and the programs on it regularly.

Tips to Improve Your Computer Security

If it feels like malware is lurking in every corner of the internet, that’s because it is. We can’t go one day without some new virus appearing somewhere in the world. The good news is that there are things you can do to bolster your computer’s security and keep it safe. Here are some things you should consider doing;

  • Create Data Backups
  • You can never have too many data backups. You should have copies of all of your essential files. The more copies you have, the better. Experts recommend maintaining at least one online backup on the cloud and one offline backup on an external hard drive.

  • Update Your System
  • Operating system updates and software updates regularly patch vulnerabilities exploited by cybercriminals. Keep your computer updated.

  • Invest in Antivirus
  • Antivirus programs are your first line of defense against digital threats. These programs remove viruses and often catch them before they become a threat.

  • Browse Safely
  • Avoid visiting shady and malicious websites. These websites are breeding grounds for malware.

  • Avoid Peer-to-Peer Downloads
  • Not only is it illegal to download any crack software, but it presents a severe risk to your computer. Hackers upload viruses under the names of popular programs and disguise malware installers as software activation tools.

  • Delete Spam
  • Don’t even bother opening spam emails. Delete them and get on with your day.

Trending

Most Viewed

Loading...