The ZEPPELIN Ransomware family appears to be growing, with cybercriminals releasing additional malware variants. Infosec researchers have identified one such variant, named the Asistchinadecryption Ransomware. It retains the harmful capabilities of the main ZEPPELIN threat and can be used in disruptive attacks against individual users or chosen targets.
The Asistchinadecryption Ransomware can encrypt numerous different file types ranging from documents and pictures to databases and archives. Victims will be effectively prevented from accessing any of their important data that was stored on the compromised device. Each encrypted file will have '.asistchinadecryption' appended to its original name. The threat will also add a unique character string that acts as the ID assigned to the victim.
Ransom Note's Overview
When all targeted file types have been locked, the ransomware creates a text file named '!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT'. This file contains the threat's ransom note with instructions for the victims. The note states that recovering the files is impossible without the decryption key in the attackers' possession. To assist in the restoration of the files, the cybercriminals demand to be paid a ransom.
Additional details about the payment will be provided after the affected users establish contact with the hackers. The note mentions that victims can send a message to the 'firstname.lastname@example.org' email address or try the attackers' Jabber account at 'email@example.com'. The last portion of the note contains several warnings.
The full text of Asistchinadecryption ransomware's note is:
'!!! ALL YOUR FILES ARE ENCRYPTED !!!
All your files, documents, photos, databases and other important files are encrypted.
You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.
To be sure we have the decryptor and it works you can send an email: firstname.lastname@example.org and decrypt one file for free.
But this file should be of not valuable!
Do you really want to restore your files?
Write to email: email@example.com
The alternative way to contact us is to use Jabber
Download and install Psi on your PC.
Register new account on hxxps://jabb.im/reg/
Add new account in Psi.
Add our contact - firstname.lastname@example.org
Your personal ID:
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
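For responders scoping an affected host, the two file-system artefacts described above (the appended '.asistchinadecryption' extension and the ransom note file name) can be inventoried per directory with a short script. This is an added example, not part of the original write-up; treating any text after the extension as the victim ID is an assumption, and the sample file names are constructed.

```python
import os
import tempfile
from collections import defaultdict

MARKER = ".asistchinadecryption"                        # extension named on the page
NOTE_NAME = "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT"  # note file named on the page


def split_encrypted_name(name):
    """Return (original_name, trailing) if name carries the marker, else None.

    Assumption: whatever follows the marker (for example a victim ID) is
    returned as 'trailing'; the page does not specify the ID's format.
    """
    idx = name.lower().rfind(MARKER)
    if idx <= 0:  # marker absent, or nothing in front of it
        return None
    return name[:idx], name[idx + len(MARKER):].lstrip(".")


def triage(root):
    """Walk root and record, per directory, encrypted files and ransom notes."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            if fname.upper() == NOTE_NAME:  # case-insensitive match on the note
                report[dirpath]["note"] = True
                continue
            parts = split_encrypted_name(fname)
            if parts:
                report[dirpath]["encrypted"].append((fname, *parts))
    return dict(report)


if __name__ == "__main__":
    # Constructed sample tree; the file names and the ID are invented for the demo.
    with tempfile.TemporaryDirectory() as tmp:
        for n in ("report.docx" + MARKER + ".ABC-123", "photo.jpg", NOTE_NAME):
            open(os.path.join(tmp, n), "w").close()
        for d, info in triage(tmp).items():
            note = "yes" if info["note"] else "no"
            print(f"{d}: {len(info['encrypted'])} encrypted, note={note}")
            for enc, orig, trailing in info["encrypted"]:
                print(f"  {enc} -> {orig} (suffix: {trailing or 'none'})")
```

Directories that contain the note but no matching files, or matching files but no note, are worth a closer look when reconstructing how far the encryption pass progressed.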