
Arai Ransomware

The Arai Ransomware is a detrimental threat designed to encrypt the data stored on the devices it infects. It can target numerous file types, which are left in an unusable state after encryption. The cryptographic algorithm it uses makes the affected files nearly impossible to restore without the proper decryption keys. It should be noted that the Arai Ransomware appears to be aimed specifically at corporate entities.

The Arai Ransomware modifies the original names of the files it locks by appending '.araicrypt' to them as a new file extension. It also creates a new text file named 'READ_TO_RESTORE_YOUR_FILES.txt' on the breached device. The file is dropped on the desktop, and its role is to carry a ransom note with instructions from the cybercriminals.

Ransom Note's Details

In the ransom-demanding message, the criminal operators of Arai Ransomware reveal that they are running a double-extortion operation. Apart from preventing victims from accessing their own files, the attackers also collect sensitive or confidential information from the infected systems. The note states that the malware has deleted all of the backups and Shadow Volume Copies of the encrypted files. 

The exfiltrated data is used as additional leverage to push victims toward paying the demanded ransom. If they do not pay, the hackers threaten to release the private data to the public or sell it to any interested parties. Furthermore, victims apparently have only 48 hours to comply with the demands of the cybercriminals. After the end of that period, the hackers will refuse to assist with the restoration of the encrypted files and will publish the collected information.

The ransom note leaves victims with two email addresses that can serve as communication channels. The main address is 'AraiHelp@secmail.pro' while 'AraiHelp2@secmail.pro' serves as a backup. 

The full text of Arai Ransomware's message is:

'===========================================

All Your Files Have Been Encrypted !!

===========================================

All of your backups and shadow copies have also been deleted so forget restoring

them.

===========================================

We also have been able to steal your confidential files (databases, customers data's,

HR etc...) all over your network workstations and servers.

===========================================

If you want to hear your mind instead of our instructions, you will loose stupidly your

files but you will also see your files being published online or sell to tiers (and we'll do it)

In this case, beleive us that you're going to suffer a big financial loss and a big loss

of reputation.

===========================================

We are aware that you don't want this case too happens.

If you want to restore files and want us to delete your confidentials files, contact us right

with a message to the contact address below. Include the KeyID in your message pls.

===========================================

AraiHelp@secmail.pro

If there's no answers from us in the next 15 hours, contact us to :

AraiHelp2@secmail.pro

Note that you have only 48 hours to contact us. After this delay, there will be no data

recovered and your files will be published.

Key Identifier:'
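For responders scoping an incident, the sketch below walks a directory tree and lists files carrying the '.araicrypt' extension, copies of 'READ_TO_RESTORE_YOUR_FILES.txt', and any value found after the note's "Key Identifier:" line. It is an added example, not code from the original write-up; the sample tree, the `SAMPLE-KEYID-0001` value and the assumption that the identifier follows the label on the same or the next line are constructed for illustration.

```python
import os
import re
import tempfile

# Indicators taken from the description above.
ENCRYPTED_EXT = ".araicrypt"
NOTE_NAME = "READ_TO_RESTORE_YOUR_FILES.txt"
# Assumption: the value follows "Key Identifier:" on the same or the next line.
KEY_ID_RE = re.compile(r"Key Identifier:\s*(\S+)")


def triage(root):
    """Walk root; list renamed files, ransom-note copies and any key IDs."""
    report = {"encrypted": [], "notes": [], "key_ids": set(), "errors": []}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: report["errors"].append(str(e))):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
            elif name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536)  # notes are small; cap the read
                except OSError as exc:
                    report["errors"].append(f"{path}: {exc}")
                    continue
                match = KEY_ID_RE.search(text)
                key_id = match.group(1).strip("'\"") if match else ""
                if key_id:
                    report["key_ids"].add(key_id)
    return report


def build_sample_tree(root):
    """Constructed sample data: two renamed files, one clean file, one note."""
    for sub in ("Desktop", "Documents"):
        os.makedirs(os.path.join(root, sub))
    for name in ("q3.xlsx.araicrypt", "hr.DB.ARAICRYPT", "readme.md"):
        open(os.path.join(root, "Documents", name), "w").close()
    with open(os.path.join(root, "Desktop", NOTE_NAME), "w") as fh:
        fh.write("All Your Files Have Been Encrypted !!\nKey Identifier: SAMPLE-KEYID-0001\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "renamed files;", len(result["notes"]), "note(s);", sorted(result["key_ids"]))
```

Run against a mounted forensic image or a read-only share rather than the live host, so the scan itself does not alter timestamps on evidence.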
