ARCrypter Ransomware

Computers infected by the ARCrypter Ransomware threat will be subjected to data encryption. A significant portion of the files stored on the devices will be locked and left in an unusable state. Although most of the widely used file types will be encrypted, ARCrypter avoids several important file types so that the impacted device doesn't experience critical system errors. The threat will not affect files with the following extensions: .exe, .dll, .bat, .ini, .blf, .log, .msi, .sys, and others.

Victims will notice that all of the locked files have '.crypted' appended to their original names. Unlike most ransomware threats, ARCrypter delivers its ransom note even before its encryption routine has been activated. The ransom-demanding message with instructions from the attackers is dropped as a text file named 'readme_for_unlock.txt'.

According to the cybercriminals' message, sensitive data has been collected from the breached devices and will supposedly be published to the public or sold to interested parties if victims refuse to pay the demanded ransom. Victims are given 3 days to contact the threat actors, or the decryption key for their data will be deleted. The ransom note also warns against shutting down the affected devices or trying to restore the locked files with any third-party tools, as that could cause permanent damage to the files' data.

The full text of ARCrypter Ransomware's note is:

'HELLO
---> Attention <----

DO NOT:
--Modify, rename, copy or move any files or you can DAMAGE them and decryption will be impossible.
--Use any third-party or public Decryption software, it also may DAMAGE files.
--Shutdown or Reset your system, it can DAMAGE files.
--Hire any third-party negotiators (recovery/police and etc).

Your security perimeter was BREACHED.
Critically important servers and hosts were completely ENCRYPTED.
This README-FILE here for you to show you our presence in your's network and avoid any silence about hacking and leakage.
Also, we has DOWNLOADED OF YOUR MOST SENSITIVE Data just in case if you will NOT PAY,
than everything will be PUBLISHED in Media and/or SOLD to any third-party.

WHAT SHOULD YOU DO:
---> You have to contact us as soon as possible (you can find contacts below)
---> You should purchase our decryption tool, so will be able to restore your files. Without our Decryption keys it's impossible
---> You should make a Deal with us, to avoid your Data leakage

YOUR OPTIONS:
---> IF NO CONTACT OR DAEL MADE IN 3 DAYS:
Decryption key will be deleted permanently and recovery will be impossible.
All your Data will be Published and/or Sold to any third-parties
Information regarding vulnerabilities of your network also can be published and/or shared'
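
The file-system indicators described in this entry (the '.crypted' suffix, the note name 'readme_for_unlock.txt', and the skipped extensions) can be checked with a read-only triage walk. The script below is an added example, not part of the original entry; the function names, stage labels, and sample tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators as stated in the write-up above.
NOTE_NAME = "readme_for_unlock.txt"
LOCKED_SUFFIX = ".crypted"
# The entry lists these and "others", so this set is known to be incomplete.
SKIPPED = {".exe", ".dll", ".bat", ".ini", ".blf", ".log", ".msi", ".sys"}

def triage(root):
    """Read-only walk of root; returns indicator hits and a coarse stage label."""
    notes, locked, at_risk = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(LOCKED_SUFFIX):
                locked.append(path)
            elif path.suffix.lower() not in SKIPPED:
                at_risk.append(path)  # data file that has not been renamed
    if locked:
        stage = "encryption-started"
    elif notes:
        stage = "note-only"  # the note is dropped before encryption begins
    else:
        stage = "no-indicators"
    return {"stage": stage, "notes": notes, "locked": locked, "at_risk": at_risk}

def make_sample(root, locked=True):
    """Build a constructed tree of empty files (not real samples)."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / NOTE_NAME).touch()
    (root / "docs" / "budget.xlsx").touch()
    (root / "docs" / "app.dll").touch()
    if locked:
        (root / "docs" / "report.docx.crypted").touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        result = triage(tmp)
        print(result["stage"], len(result["locked"]), len(result["at_risk"]))
```

A "note-only" result on a host means the note is present but no renamed files were found under the scanned root, which matches the window the entry describes between note delivery and encryption.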
