Backup Ransomware

Backup Ransomware Description

A new threat tracked as Backup Ransomware is a potent malware that can cause severe damage to any computer it manages to infect. This new VoidCrypt variant has been detected in the wild by infosec researchers. Users will be cut off from accessing nearly all of their files stored on the compromised device. The strong encryption algorithm employed by Backup Ransomware ensures that the locked files will not be cracked that easily, if at all.

The Backup Ransomware marks the files it affects by changing their names drastically. An email address under the control of the hackers - 'unlockdata@criptext.com,' followed by a string of characters, and finally '.Backup' as a new file extension will be appended to the original filenames. Upon completion of the encryption routine, the Backup Ransomware will drop text files named 'Decrypt-me.txt' in every folder containing locked data. Inside these text files, affected users will find a ransom note with instructions from the cybercriminals.

According to the text of the ransom note, victims of Backup Ransomware are expected to pay a ransom using the Bitcoin cryptocurrency. To receive the exact sum demanded by the hackers, users are supposed to initiate communication by using one of the email addresses found in the ransom note. The main email is the one also used for the names of the encrypted files - 'unlockdata@criptext.com,' while the secondary address is 'unlockdata@rape.lol.'

The email message must include a specific file created by the Backup Ransomware at the following location -  C:\ProgramData\prvkey*.txt.key. The * symbol may instead be a number. Victims also are allowed to attach a couple of small files (less than 1MB in size) to the message to be decrypted for free.

The full text of Backup Ransomware's note is:

'All Your Files Has Been Encrypted

You Have to Pay to Get Your Files Back

1-Go to C:\ProgramData\ folder and send us prvkey*.txt.key file , * might be a number (like this : prvkey3.txt.key)

2-You can send some file little than 1mb for Decryption test to trust us But the test File should not contain valuable data

3-Payment should be with Bitcoin

Our Email:unlockdata@criptext.com

in Case of no Answer:unlockdata@rape.lol.'

Related Posts