
Angus Ransomware

Ransomware threats are claiming more and more victims on a daily basis. This malware type has become one of the most popular ways for cybercriminals to generate some cash. Part of the appeal is that cyber crooks can borrow readily available code and alter it only slightly, so one does not need to be highly skilled in the field of tech to make some quick money.

Propagation and Encryption

Recently, cybersecurity researchers uncovered a new file-locking Trojan called the Angus Ransomware. Upon studying the Angus Ransomware, experts concluded that it is a variant of the ZeroPadypt Ransomware. Emails containing macro-laced attachments, bogus application updates, and fake pirated variants of popular applications may be among the infection vectors employed by the creators of the Angus Ransomware.

If the Angus Ransomware is successful in compromising a system, it will waste no time and run a brief scan to locate the files it considers to be of interest. Most ransomware threats target a very wide range of file types to ensure that enough damage is done for the victim to consider paying the ransom fee. Files such as .mp3, .jpeg, .doc, .ppt, .mov, .mp4, .png, .docx, .jpg and .pptx will almost always be targeted by file-locking Trojans, as most users are likely to have them present on their systems.

When the Angus Ransomware encrypts a file, it also appends a new extension to its name: '.Email=[Legion.developers72@gmail.com]ID=[].Angus'. This means that an image that was previously called 'golden-pits.jpeg' will be renamed to 'golden-pits.jpeg.Email=[Legion.developers72@gmail.com]ID=[].Angus' after the encryption process is through.

The Ransom Note

In the next step of the attack, the Angus Ransomware drops its ransom note. The note's name is 'HowToDecrypt.txt,' and it reads:

’Your Files Have Been Encrypted

If You Need Your Files You Should Pay Decryption Price

The Steps For Getting Decryption Tool :

1-Send Id On The Files Or HowtoDecrypt.txt Files to Our Email

2-Send 1MB File For Getting Decryption Test to Make Sure You Can Get Your Files Back With Us(The Test File Should Not Contain Valuable Data Like Databases Excel Sheets or Backups)

3- Pay Decryption Price ( Payment Should Be With Bitcoin )

4- Get Decryption Tool With Key

Attention:

Using 3rd Party Applications or Recovery Tools May Damage Your Files permanetly

Your ID :0H1Khr79qvNDB4M
Our Email: Legion.developers72@gmail.com.’

The attackers fail to mention a specific ransom fee, but they state that the user is required to contact them via email at 'Legion.developers72@gmail.com'. Despite not specifying the sum required, the authors of the Angus Ransomware make it very clear that the fee will be demanded in Bitcoin.

We strongly advise you to resist any urge to contact the cybercriminals responsible for the Angus Ransomware. It is never a good idea to pay cyber crooks, not only because your money will encourage their criminal activities, but also because they often do not keep their promises and will likely never send you the decryption key promised. Since the Angus Ransomware is a variant of the ZeroPadypt Ransomware, it may be decryptable using a publicly available decryption tool, so this is definitely worth exploring. Furthermore, to ensure you do not end up in a similar situation in the future, make sure you download and install an anti-spyware security tool.
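As an added example (not part of the original article and not a vendor tool), the following Python triage pass uses the two indicators described above, the appended '.Email=[...]ID=[...].Angus' suffix and the 'HowToDecrypt.txt' note, to list affected directories and recover original file names and victim IDs. The function name `triage` and the sample file listing are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Suffix described on this page: <name>.Email=[<address>]ID=[<victim id>].Angus
# The ID may be empty, as it is in the article's own example.
ANGUS_SUFFIX = re.compile(
    r"^(?P<original>.+)\.Email=\[(?P<email>[^\]]*)\]ID=\[(?P<victim_id>[^\]]*)\]\.Angus$",
    re.IGNORECASE,
)
# The note body spells its own name with different casing, so compare lowercased.
NOTE_NAME = "howtodecrypt.txt"


def triage(paths):
    """Group a file listing by directory and report Angus indicators per directory."""
    report = defaultdict(lambda: {"locked": [], "ids": set(), "emails": set(), "note": False})
    for raw in paths:
        p = PureWindowsPath(raw)
        entry = report[str(p.parent)]
        if p.name.lower() == NOTE_NAME:
            entry["note"] = True
            continue
        m = ANGUS_SUFFIX.match(p.name)
        if m:
            entry["locked"].append(m["original"])  # name before the suffix was appended
            entry["emails"].add(m["email"])
            if m["victim_id"]:
                entry["ids"].add(m["victim_id"])
    # Keep only directories that show at least one indicator.
    return {d: e for d, e in report.items() if e["locked"] or e["note"]}


# Constructed sample listing (not taken from a real host).
SAMPLE = [
    r"C:\Users\a\Pictures\golden-pits.jpeg.Email=[Legion.developers72@gmail.com]ID=[].Angus",
    r"C:\Users\a\Pictures\HowToDecrypt.txt",
    r"C:\Users\a\Docs\q3.docx.Email=[Legion.developers72@gmail.com]ID=[0H1Khr79qvNDB4M].Angus",
    r"C:\Users\a\Docs\notes.txt",
    r"C:\Users\a\Music\Angus Young - live.mp3",  # benign name containing "Angus"
    r"C:\Users\a\Desktop\howtodecrypt.TXT",
]

if __name__ == "__main__":
    for directory, e in triage(SAMPLE).items():
        print(directory, len(e["locked"]), "locked", sorted(e["ids"]), "note" if e["note"] else "no note")
```

Anchoring the pattern on the full suffix rather than the word "Angus" keeps unrelated files out of the report, and the recovered victim IDs are what a responder would record before testing any decryption tool on copies of the files.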
