Andrianov Ransomware

Researchers have discovered a new ransomware known as Andrianov. This threatening software encrypts data, modifies the filenames of all locked files, changes the desktop wallpaper, and drops a file called 'andrianov.txt' containing contact information, payment details and the demands of the threat actors. The filenames of all encrypted files are appended with an extension, such as '.1iyT6bav7VyWM5,' which may vary depending on the variant of Andrianov. It is believed that this threat is based on the Chaos Ransomware family.

Andrianov Ransomware's Demands

Victims of the Andrianov Ransomware are told by the attackers that their personal files, including any documents, photos, PDFs, databases, and other important files, have been encrypted with a unique key. Typically, the only way to restore access to these encrypted files is to pay the ransom and obtain the private decryption key that only the threat actors possess. Victims are warned against attempting to remove the ransomware threat as it may cause permanent data loss. To pay the ransom, victims must send $200 in Bitcoin to the provided BTC wallet and then contact the attackers via email ('leonid.andrianoviaa@mail.ru'). Failure to do so will supposedly result in permanent data loss.

How can Users Protect Their Devices from Ransomware Threats Like the Andrianov Ransomware?

The first line of defense against ransomware is having a robust anti-malware solution. Be sure that your security program and other applications are up-to-date so they can better protect you against new threats as they emerge. Additionally, having regular backups of your data stored in an external location, such as on hard drives or cloud storage, can prove invaluable if attacked by ransomware – enabling you to quickly recover necessary files back rather than potentially paying out significant amounts of money to cybercriminals.

The full text of the ransom note dropped by the Andrianov Ransomware is:

'Your Personal Files has been Encrypted and Locked
Your documents, photos, databases and other important files have been encrypted with strongest encryption and locked with unique key, generated for this computer.
Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key.
Caution: Removing of Blackhat will not restore access to your encrypted files.
Frequently Asked Questions
What happened to my files ? understanding the issue
How can i get my files back ? the only way to restore your files
What should i do next ? Buy decryption key
Now you have the last chance to decrypt your files.

Buy Bitcoin (hxxps://blockchain.info)

Send amount of 200 dollar to address: to 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV

Transaction will take about 15-30 minutes to confirm.

When transaction is confirmed, send email to us at leonid.andrianoviaa@mail.ru
Click here to restore and recovery your files.'

The wallpaper message displayed by the threat is:

'ВНИМАНИЕ!
Все важные файлы на всех дисках вашего компьютера были зашифрованы.
Подробности вы можете прочитать в файлах README.txt, которые можно найти на любом из дисков.

ATTENTION!
All the important files on your disks were encrypted.
The details can be found in README.txt files which you can find on any of your disks.'