
AndreiHelp Ransomware

The AndreiHelp Ransomware is a variant belonging to a well-known malware family tracked by cybersecurity researchers as Spora. Even though this particular threat is not entirely unique, its invasive capabilities still allow it to cause significant damage to the infected machines. Indeed, threat actors can deploy the AndreiHelp Ransomware to lock the data of individual users, as well as corporate entities. When activated, the malware will target an expansive list of file types and lock them with an uncrackable cryptographic algorithm.

Each processed file is left in a completely unusable state, and its name is modified significantly. The threat first appends an ID string generated specifically for the victim. Then it adds an email address controlled by the hackers, 'andreihelp@cyberfear.com'. Finally, instead of using one recognizable file extension, the AndreiHelp Ransomware creates a new random 4-character string for each encrypted file. The ransom note is delivered to the breached devices as a text file named 'Read_Me!_.txt'.
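The naming pattern described above can be used to scope an incident from a file listing. The following triage script is an added example, not code from the original write-up; it assumes the random 4-character string is a dot-separated alphanumeric final extension, and the sample paths (including their bracketed layout and ID value) are constructed for illustration.

```python
import re
from collections import Counter

CONTACT_EMAIL = "andreihelp@cyberfear.com"  # marker named in the write-up
RANSOM_NOTE = "Read_Me!_.txt"               # note file name from the write-up
# Assumption: the random 4-character string is a dot-separated, alphanumeric
# final extension. The write-up does not state separators or character set.
SUFFIX_RE = re.compile(r"\.[A-Za-z0-9]{4}$")

def split_path(path):
    """Split on both / and \\ so Windows listings parse on any OS."""
    parts = re.split(r"[\\/]", path)
    return "/".join(parts[:-1]), parts[-1]

def classify(path):
    """Return 'note', 'encrypted' or None for one path."""
    _, name = split_path(path)
    lowered = name.lower()
    if lowered == RANSOM_NOTE.lower():
        return "note"
    # Both indicators must hold: the contact email and a 4-character suffix.
    if CONTACT_EMAIL in lowered and SUFFIX_RE.search(name):
        return "encrypted"
    return None

def triage(paths):
    """Group hits by kind and count them per directory to show scope."""
    report = {"note": [], "encrypted": [], "by_dir": Counter()}
    for path in paths:
        kind = classify(path)
        if kind:
            report[kind].append(path)
            report["by_dir"][split_path(path)[0]] += 1
    return report

# Constructed sample listing; the bracketed layout and ID are illustrative only.
SAMPLE = [
    r"C:\Finance\Q3-report.xlsx.[ID-0000].[andreihelp@cyberfear.com].a7Qx",
    r"C:\Finance\invoice.pdf.[ID-0000].[andreihelp@cyberfear.com].Zk3p",
    r"C:\Finance\Read_Me!_.txt",
    r"C:\Users\bob\notes.docx",
    r"C:\Users\bob\mail-from-andreihelp@cyberfear.com.eml",  # not a 4-char suffix
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(len(result["encrypted"]), "renamed files,", len(result["note"]), "notes")
    for folder, count in result["by_dir"].most_common():
        print(f"{count:4d}  {folder}")
```

To check a live system, pass the paths from a recursive directory listing to `triage()`; the per-directory counts show which shares were reached.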

Opening the file reveals that the threat is mostly targeting organizations. The operators of the AndreiHelp Ransomware use a double-extortion scheme, in which they also collect confidential and sensitive information from the infected systems before activating the encryption routine. The hackers then threaten to release the obtained data to the public or to the victim's competitors if their demands are not fulfilled. They also threaten to delete the decryption keys necessary for the restoration of the victim's data after an unspecified period. Apart from the same email found in the names of the locked files, the ransom note also mentions a Telegram account, '@Atresio'.

The full set of instructions left by AndreiHelp Ransomware is:

'All Your Files Encrypted And Sensitive Data Downloaded (Financial Documents,Contracts,Invoices etc.. ).

To Get Decryption Tools You Should Buy Our Decrption Tools And Then We Will Send You Decryption Tools And Delete Your Sensitive Data From Our Servers.
If Payment Is Not Made We have to Publish Your Sensitive Data If Necessary Sell Them And Send Them To Your Competitors And After A While Our Servers Will Remove Your Decrypion Keys From Servers.
Your Files Encrypted With Strongest Encryption Algorithm So Without Our Decryption Tools Nobody Can't Help You So Do Not Waste Your Time In Vain!
Your ID:
Email Address: andreihelp@cyberfear.com
In Case Of Problem With First Email Contact Us In Telegram , ID : @Atresio
Send Your ID In Email And Check Spam Folder.
This Is Just Business To Get Benefits, If Do Not Contact Us After 48 Hours Decryption Price Will x2.

What Guarantee Do We Give You ?

You Should Send Some Encrypted Files To Us For Decryption Test.

Attention!
Do Not Edit Or Rename Encrypted Files.
Do Not Try To Decrypt Files By Third-Party Or Data Recovery Softwares It May Damage Files.

In Case Of Trying To Decrypt Files With Third-Party Sofwares,This May Make The Decryption Harder So Prices Will Be Rise.

How To Buy Bitcoin :
Buy Bitcoin Instructions At LocalBitcoins :
hxxps://localbitcoins.com/guides/how-to-buy-bitcoins
Buy Bitcoin Instructions At Coindesk And Get More Info By Searching At Google :
hxxps://www.coindesk.com/learn/how-can-i-buy-bitcoin/

'
