Arazite Ransomware

Cybercriminals can use the Arazite Ransomware threat to lock the data of their targets. The threat is equipped with a sufficiently strong encryption process that can affect a large set of different file types. Victims effectively lose access to their documents, PDFs, archives, databases, etc. The attackers then use the locked files as leverage to blackmail the affected users or companies into paying a hefty ransom.

The name of each encrypted file is modified by having '.arazite' added to it as a new extension. When all targeted file types on the breached system have been processed, the Arazite Ransomware delivers a ransom note with instructions from its operators. The note is displayed in a new pop-up window created from a file named 'info.hta'.

The text of the ransom note states that the Arazite Ransomware uses a combination of the RSA and AES cryptographic algorithms to lock its victims' files. The hackers promise that the data can be restored and even offer to decrypt up to 2 files sent by the victim for free as a demonstration. According to the note, the only way to reach the threat actors is by messaging one of their two email addresses, 'parazite@tutanota.com' and 'alcmalcolm@cock.li'.

The full text of Arazite Ransomware's note is:

'ALL YOUR DATA TURNED TO USELESS BINARY CODE

Your computer is infected with a virus.
Send an email parazite@tutanota.com, specify in the subject your unique identifier - and you will definitly be helped to recover.

NOTE:
You can send 2 files as proof that we can return all your data.
If the provided email doesn't work, please contact us at alcmalcolm@cock.li
Algorithms used are AES and RSA.

IMPORTANT:

The infection was due to vulnerabilities in your software.

If you want to make sure that it is impossible to recover files using third-party software, do this not on all files, otherwise you may lose all data.

Only communication through our email can guarantee file recover for you. We are not responsible for the actions of third parties who promise to help you - most often they are scammers.

Please, do not try to rename encrypted files.

Our goal is to return your data, but if you don't contact us, we will not succeed.'
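
The indicators described above (the appended '.arazite' extension, the 'info.hta' note file and the two contact addresses) can be turned into a quick triage sweep of a file share or disk image. This is an added example, not code from the original page; the function names are hypothetical and the sample tree it builds is constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".arazite"
NOTE_FILENAME = "info.hta"
CONTACT_ADDRESSES = ("parazite@tutanota.com", "alcmalcolm@cock.li")


def note_mentions_contacts(path, limit=1_000_000):
    """True if the file contains a contact address (ASCII/UTF-8 or UTF-16-LE)."""
    try:
        with open(path, "rb") as handle:
            data = handle.read(limit).lower()
    except OSError:
        return False
    return any(a.encode(enc) in data
               for a in CONTACT_ADDRESSES for enc in ("ascii", "utf-16-le"))


def triage(root):
    """Walk root and report renamed files and candidate ransom notes."""
    report = {"encrypted": [], "notes": [], "unrelated_hta": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                # The extension is appended, so stripping it gives the original name.
                original = name[: -len(ENCRYPTED_SUFFIX)]
                report["encrypted"].append((full, original))
            elif name.lower() == NOTE_FILENAME:
                # A file called info.hta only counts if it names the contacts.
                key = "notes" if note_mentions_contacts(full) else "unrelated_hta"
                report[key].append(full)
    return report


def build_sample(root):
    """Create a constructed sample tree (harmless placeholder files)."""
    os.makedirs(os.path.join(root, "docs"))
    for name in ("report.pdf.arazite", "db.sqlite.arazite", "clean.txt"):
        with open(os.path.join(root, "docs", name), "wb") as handle:
            handle.write(b"constructed sample bytes")
    with open(os.path.join(root, "info.hta"), "w", encoding="utf-8") as handle:
        handle.write("<html>contact parazite@tutanota.com</html>")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample(sample_root)
        print(triage(sample_root))
```

The list of original names gives the scope of what needs restoring from backup, and the first directory where renamed files appear helps narrow down where encryption started.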
