Adr Ransomware Description
The Adr Ransomware behaves as a typical ransomware threat, but, so far, infosec researchers have not placed it in any pre-existing malware family, which makes it a unique threat. When the Adr Ransomware infiltrates a computer, it leverages a strong encryption algorithm to encrypt the files stored there. Affected users will realize that they can no longer access their personal or business files, leading to potentially severe consequences.
This particular ransomware threat drastically changes the names of the files it encrypts. In fact, it substitutes them entirely with a random string of characters that also varies in length, followed by '.adr' as a new extension. The Adr Ransomware's ransom note is then dropped in the 'C:\Users\[Username]' folder as a text file named 'DesktopDECRYPT_ME.TXT'.
The instructions left by the cybercriminals responsible for the Adr Ransomware are extremely brief. They simply state that victims who wish to decrypt their files must initiate contact by sending a message to the 'deathL00d@protonmail.com' email address. The ransom note also reveals that bugs may influence the delivery of the files carrying the ransom note because, according to the instructions, affected users are supposed to use a 'DECRYPT_ME.TXT' file that should be found on their desktop. Whether the hackers will fix this oversight in a future version of the Adr Ransomware remains to be seen.
The ransom note reads:
'If You are reading this message
ALL YOUR FILES ARE ENCRYPTED
FILES CANNOT BE DECRYPTED WITHOUT OUR DECRYPTION SERVICE
Contact Us with the Encryption file 'DECRYPT_ME.TXT' On YOUR DESKTOP
LETS TALK BUSSINESS AT deathL00d@protonmail.com.'
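
The indicators described above (the '.adr' extension, the note file name in the profile folder, and the contact address) can be checked together during triage. The following is an added example, not part of the original description; the function names, the verdict labels and the sample profile are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the description above.
NOTE_NAMES = {"desktopdecrypt_me.txt", "decrypt_me.txt"}
CONTACT = "deathl00d@protonmail.com"
EXTENSION = ".adr"

def triage_profile(profile):
    """Walk one user profile and collect note files and renamed files."""
    notes, renamed = [], []
    for root, _dirs, files in os.walk(profile):
        for name in files:
            path = Path(root) / name
            if name.lower() in NOTE_NAMES:
                try:
                    body = path.read_text(errors="replace").lower()
                except OSError:
                    body = ""  # unreadable note still counts as a name match
                notes.append((path, CONTACT in body))
            elif name.lower().endswith(EXTENSION):
                renamed.append(path)
    # The extension alone is a weak signal; a note carrying the contact
    # address is what ties the files to this threat.
    if any(has_contact for _p, has_contact in notes):
        verdict = "match"
    elif notes or renamed:
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "notes": notes, "renamed": renamed}

def build_sample_profile(base):
    """Constructed test data: a fake profile laid out as the page describes."""
    profile = Path(base) / "Users" / "alice"
    (profile / "Documents").mkdir(parents=True)
    (profile / "Documents" / "x7Gq2LmZp.adr").write_bytes(b"\x00" * 16)
    (profile / "Documents" / "k3.adr").write_bytes(b"\x00" * 16)
    (profile / "Documents" / "report.docx").write_bytes(b"ok")
    (profile / "DesktopDECRYPT_ME.TXT").write_text(
        "LETS TALK BUSSINESS AT deathL00d@protonmail.com.")
    return profile

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage_profile(build_sample_profile(tmp))
        print(result["verdict"], len(result["renamed"]), "renamed files")
        for path, has_contact in result["notes"]:
            print("note:", path, "contact address present:", has_contact)
```

On a real host, `triage_profile` would be pointed at each folder under 'C:\Users'; a "review" verdict means only one kind of indicator was found and needs a manual look.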