ANUBIZ LOCKER Ransomware
Cybercriminals are using a new ransomware variant named ANUBIZ LOCKER, to encrypt the data of their victims. Although the threat has little to distinguish itself from the rest of the variants belonging to the Babuk malware family, its capacity to cause damage remains significant. Indeed, the ANUBIZ LOCKER can affect a large number of different file types and leave them inaccessible and unusable completely.
Victims are then extorted to pay a ransom to the attackers if they want to potentially regain their locked data. When the ANUBIZ LOCKER encrypts a file, it marks it by adding '.lomer' to that file's original name. A ransom note with instructions from the hackers also is left on the compromised devices. This ransom-demanding message will be delivered as a text file named 'How To Restore Your Files.txt.'
Ransom Note's Details
ANUBIZ LOCKER's note reveals that the attackers use a double-extortion scheme to get their victims to pay up. In addition to locking valuable data, the cybercriminals claim to have obtained important files that they threaten to start leaking to the public if their demands are not met. They also are willing to unlock a single file for free, as a demonstration of their ability to restore all encrypted files. To establish contact and receive additional instructions, victims are expected to message the 'anubiz@tuta.io' email address.
The full text of the ANUBIZ LOCKER Ransomware message is:
'----------- [ Hello! ] ------------->
******BY ANUBIZ LOCKER******
What happend?
----------------------------------------------
Your computers and servers are encrypted, backups are deleted from your network and copied. We use strong encryption algorithms, so you cannot decrypt your data.
But you can restore everything by purchasing a special program from us - a universal decoder. This program will restore your entire network.
Follow our instructions below and you will recover all your data.
If you continue to ignore this for a long time, we will start reporting the hack to mainstream media and posting your data to the dark web.
What guarantees?
----------------------------------------------
We value our reputation. If we do not do our work and liabilities, nobody will pay us. This is not in our interests.
All our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems.
We guarantee to decrypt one file for free. Go to the site and contact us.
How to contact us?
----------------------------------------------
Using EMAIL:
1) Open your mail
2) Write us: anubiz@tuta.io
!!! DANGER !!!
DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them.
!!! DANGER !!'
