Aghz Ransomware
Aghz is a newly identified ransomware variant. Like other ransomware, it is a critically damaging threat: it encrypts the files on an infected system, rendering them inaccessible, and then demands payment for their recovery.
The Aghz Ransomware appends the extension '.aghz' to the name of every file it encrypts. For example, a file called '1.jpg' becomes '1.jpg.aghz,' a file named '2.png' becomes '2.png.aghz,' and so forth. The original extension is preserved, so the rename itself is easy to recognize and to undo once the file contents have been decrypted. Aghz also drops a ransom note named '_readme.txt,' which provides payment instructions for obtaining the decryption key needed to unlock the encrypted files.
Aghz is a member of the STOP/Djvu ransomware family, and STOP/Djvu payloads are often distributed alongside information stealers such as RedLine or Vidar. Victims should therefore assume that passwords, browser cookies and other data stored on the machine may have been stolen as well, and should change their credentials from a clean device once the infection has been dealt with, in addition to taking the usual security measures against further security or privacy risks.
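The renaming and note-dropping behaviour described above is easy to check for on a suspect machine. The following Python script is an added example written for this page, not a tool from the analysis it summarizes: it walks a directory tree, collects files carrying the '.aghz' extension, recovers their original names, and tells a genuine '_readme.txt' note apart from an unrelated file of the same name by looking for the contact addresses and prices that appear in the note quoted at the end of this page. The directory it scans is a scratch folder it builds itself for the demonstration; the file names and note text in it are constructed, not real victim data.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators taken from this page: the extension Aghz appends and the note filename.
ENCRYPTED_EXT = ".aghz"
NOTE_NAME = "_readme.txt"
# Strings from the ransom note quoted on this page, used to confirm that a
# _readme.txt really is the STOP/Djvu note and not an unrelated file.
NOTE_INDICATORS = ("support@freshmail.top", "datarestorehelp@airmail.cc",
                   "$980", "$490", "decrypt tool and unique key")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def original_name(name):
    """Undo the rename: '1.png.aghz' -> '1.png'. Returns None for other files."""
    if name.lower().endswith(ENCRYPTED_EXT):
        return name[: -len(ENCRYPTED_EXT)]
    return None


def is_ransom_note(text):
    """Require at least two independent indicators to keep false positives low."""
    return sum(1 for s in NOTE_INDICATORS if s in text) >= 2


def note_contacts(text):
    """Pull the contact addresses out of a note so an analyst can record them."""
    return sorted(set(EMAIL_RE.findall(text)))


def scan_tree(root):
    """Walk a directory and collect encrypted files and genuine ransom notes."""
    result = {"encrypted": [], "notes": {}}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if original_name(name) is not None:
                result["encrypted"].append(str(path))
            elif name.lower() == NOTE_NAME:
                try:
                    text = path.read_text(encoding="utf-8", errors="replace")
                except OSError:
                    continue
                if is_ransom_note(text):
                    result["notes"][str(path)] = note_contacts(text)
    result["encrypted"].sort()
    return result


# Constructed sample: a scratch directory laid out the way an infected profile
# looks after the renaming described above. Not real victim data.
SAMPLE_NOTE = (
    "ATTENTION!\nDon't worry, you can return all your files!\n"
    "Price of private key and decrypt software is $980.\n"
    "Discount 50% available if you contact us first 72 hours, that's price for you is $490.\n"
    "To get this software you need write on our e-mail:\nsupport@freshmail.top\n"
    "Reserve e-mail address to contact us:\ndatarestorehelp@airmail.cc\n"
)


def build_sample_tree():
    root = Path(tempfile.mkdtemp(prefix="aghz_demo_"))
    (root / "Pictures").mkdir()
    (root / "Pictures" / "1.jpg.aghz").write_bytes(b"\x00" * 16)
    (root / "Pictures" / "2.png.aghz").write_bytes(b"\x00" * 16)
    (root / "Pictures" / NOTE_NAME).write_text(SAMPLE_NOTE, encoding="utf-8")
    # A benign file that happens to share the note's name must not be flagged.
    (root / "Documents").mkdir()
    (root / "Documents" / NOTE_NAME).write_text("my shopping list", encoding="utf-8")
    (root / "Documents" / "report.docx").write_bytes(b"PK\x03\x04")
    return root


def demo():
    root = str(build_sample_tree())
    found = scan_tree(root)
    # Report paths relative to the scratch root so the output is stable.
    return {
        "encrypted": sorted(os.path.relpath(p, root) for p in found["encrypted"]),
        "notes": {os.path.relpath(p, root): c for p, c in found["notes"].items()},
        "originals": sorted(original_name(Path(p).name) for p in found["encrypted"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On a real incident the scan would be pointed at the user profile or a mounted disk image instead of the scratch folder; requiring two indicators rather than one keeps an ordinary text file named '_readme.txt' from being reported as a note.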
Ransomware Threats Like Aghz Seek to Extort Money from Their Victims
The ransom note issued by the attackers provides detailed instructions for the victims on how to regain access to their encrypted files. According to the note, victims are directed to obtain decryption software and a unique key, which are necessary for restoring the files to their original state. The attackers demand a ransom payment of $980 in exchange for these tools.
The note also contains a time-limited offer: if victims contact the attackers within 72 hours at one of the provided email addresses, 'support@freshmail.top' or 'datarestorehelp@airmail.cc,' the price is halved to $490.
The cybercriminals also offer to decrypt a single encrypted file free of charge, provided it contains no valuable information. This gesture is meant to demonstrate that the attackers really can unlock the files and to build trust with the victim before any ransom is paid.
Paying the demanded ransom is strongly discouraged. There is no guarantee that the attackers will provide the decryption tools after payment, and paying funds further criminal activity. Because Aghz belongs to the STOP/Djvu family, victims should also check whether a free decryptor applies to their case before considering payment: files that some STOP/Djvu variants encrypted with an offline key can be recovered with Emsisoft's STOP Djvu decryptor, whereas files encrypted with a unique online key generally cannot be recovered without the attackers' key.
It is also crucial to act quickly once an infection is noticed. The affected system should first be disconnected from the network to stop further encryption and to protect other devices, and a copy of the ransom note and a few encrypted files should be preserved before any cleanup, since they are needed to identify the variant and to attempt decryption later. Only then should the ransomware be removed from the system.
Security Measures that May Protect Your Devices and Data from Ransomware Threats
To protect your devices and data from ransomware threats, it is crucial to implement a comprehensive set of security measures. Here are some recommended practices:
- Keep your software updated: Regularly update your operating system, applications, and antivirus software so that you have the latest security patches. Updates frequently include bug fixes and security enhancements that close known vulnerabilities exploited by ransomware.
- Install reputable anti-malware software: Use robust security software that offers real-time protection against malware, including ransomware. Keep the software updated and run scheduled scans to detect and remove malicious programs.
- Enable automatic backups: Regularly back up your important data to an external hard drive, network-attached storage (NAS), or a cloud-based backup service. Automated backups are essential to ensure that your files can be restored after a ransomware attack. Keep in mind that a backup device or share that is continuously connected to your computer or network can be encrypted along with everything else, so disconnect the backup medium between runs or use a backup service that keeps previous versions of files so that encrypted copies do not silently overwrite good ones.
- Exercise caution with email attachments and downloads: Be careful when downloading files or opening email attachments from unknown or suspicious sources. Avoid following links or downloading attachments in unsolicited emails, as they could carry ransomware or other malware. Use a reliable spam filter to help identify and block unsafe emails.
- Be cautious of social engineering tactics: Be wary of unsolicited phone calls, messages, or pop-ups asking for personal information or credentials. Ransomware operators use social engineering techniques to trick users into opening malicious links or revealing sensitive information.
- Educate and train employees: Conduct regular cybersecurity awareness training to educate employees about the risks of ransomware and how to identify and respond to potential threats. Training should cover best practices for email security, safe browsing habits, and recognizing social engineering attempts.
By implementing these security measures and staying vigilant, you can significantly reduce the likelihood of falling victim to a ransomware attack and protect your devices and valuable data.
The ransom note left to the victims of the Aghz Ransomware is:
'ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-3OsGArf4HD
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
support@freshmail.top
Reserve e-mail address to contact us:
datarestorehelp@airmail.cc
Your personal ID:'