brutusptCrypt Ransomware
The brutusptCrypt Ransomware falls into the category of malware threats designed to specifically lock the data of targeted victims. Upon being activated on the infiltrated devices, the threat will go after numerous, different file types, such as documents, photos, images, PDFs, archives, databases, etc., and encrypt them with a sufficiently strong cryptographic algorithm. When a file is locked, the malware also will add '.brutusptCrypt' to that file's original name.
Afterward, the threat will proceed to deliver two ransom notes to its victims. One of the ransom-demanding messages will be contained inside a text file named 'Payment_Instructions.brutusptCrypt.txt.' The message from the cybercriminals states that they are trying to extort the sum of 1 Bitcoin from their victims. The value of the Bitcoin cryptocurrency is prone to volatile movements but it is still trading at over $23, 000 at the moment. After sending the money to the provided crypto-wallet address, victims are expected to email the transaction ID to the 'francisco.henriques@airbus.com' address. The text file also contains a list of the encrypted files.
The second ransom note of the threat is displayed in a pop-up window. The instructions are practically identical, mentioning the same email address and crypto-wallet address, and also demanding the payment of 1 Bitcoin. Both messages use the name of the Airbus Cybersecurity and it should be noted that the company has absolutely no connection to the operators of the malware.
The pop-up window shows the following message:
'Your files have been encrypted!
But don't worry, you can recover them 🙂Please send 1Bitcoin(s) to the following BTC address
1u8h3u23h3jCyb3r22mer97ptPSi12am1143
Next up, E-mail your transaction ID to the following
francisco.henriques@airbus.com
Airbus Cybersecurity wishes u a nice day! 😉
The ransom note delivered as a text file is:
All of your files have been encrypted.
To unlock them, please send 1 bitcoin(s) to our BTC address: 1u8h3u23h3jCyb3r22mer97ptPSi12am1143
After proceeding the payment, please email us with your transaction ID to: francisco.henriques@airbus.comAirbus Cybersecurity wishes u a nice day! 😉
Encrypted files:'
