Aros Ransomware

By CagedTech in Ransomware

Translate To:

The Aros Ransomware is a harmful threat that will leave its victims scrambling to restore their data. Indeed, the threat is capable of targeting numerous file types and encrypting them with a strong cryptographic algorithm. The impacted files will become inaccessible and unusable. Their original names also will be changed significantly. First, the threat will generate a unique ID string for the particular victims and add it to the file names. Next, an email address ('luckyguys@tutanota.com') will be included, as well. Finally, the threat will append '.ARS' as a new file extension.

When all of the targeted data on the breached devices has been processed, the Aros Ransomware will deliver a ransom note with instructions. This ransom-demanding message will be dropped on the desktop of the system as a text file named 'How_to_decrypt_files.txt.' The message claims that without the RSA decryption keys that the attackers possess, restoration of the impacted files is impossible. Victims are instructed to establish contact by messaging the TOX chat account of the attackers. Alternatively, they could try sending a message to the two email addresses found in the note - 'luckyguys@tutanota.com' and 'luckyguys@msgsafe.io.'

The full text of AROS Ransomware's note is:

'ALL YOUR FILES ENCRYPTED BY AROS RANSOMWARE
YOUR FILES ARE SAFE!
WE STRONGLY RECOMMEND you NOT to use any "Decryption Tools".
These tools can damage your data, making recover IMPOSSIBLE.
Also we recommend you not to contact data recovery companies.
They will just contact us, buy the key and sell it to you at a higher price.
If you want to decrypt your files, you have to get RSA private key.
To get RSA private key you have to contact us via TOX chat. TOX download site: >> {hxxps://tox.chat/} <<
Our ID: >> {77A904360EA7D74268E7A4F316865F170 3D2D7A6AF28C9ECFACED69CD09C8610FF2C728E6A33} <<
If you have any problems with TOX Chat, email us: >> {luckyguys@tutanota.com or luckyguys@msgsafe.io} <<
and send us your tell your MachineID: >> - - <<
HOW to understand that we are NOT scammers?
You can ask SUPPORT for the TEST-decryption for ONE file!
If I don’t want to pay bad people like you?
If you will not cooperate with our service - for us, its does not matter.
But you will lose your time and data, cause only we have the private key.
In practice - time is much more valuable than money.
Please contact us before paying.
After the successful payment and decrypting your files, we will give
you FULL instructions HOW to IMPROVE your security system.
We ready to answer all your questions!'

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Aros Ransomware

Submit Comment

Related Posts

Coharos Ransomware

Trending

Safe Search Eng

Findtheirreport.com

MarioLocker Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen