
ELITTE87 Ransomware

During the investigation of potential malware threats, cybersecurity experts came across a new strain known as ELITTE87. Classified as ransomware, this threatening software operates by infiltrating a victim's device and initiating encryption on a broad range of file types. Furthermore, it alters the original filenames of these encrypted files. Victims of ELITTE87 are confronted with two ransom notes: one appears as a pop-up window, while the other is saved as a text file named 'info.txt.'

ELITTE87 appends specific identifiers to the filenames, including the victim's ID, the email address 'helpdata@zohomail.eu,' and the extension '.ELITTE87.' For instance, a file named '1.pdf' would be renamed to '1.pdf.id[9ECFA74E-3592].[helpdata@zohomail.eu].ELITTE87,' and similarly, '2.jpg' would become '2.jpg.id[9ECFA74E-3592].[helpdata@zohomail.eu].ELITTE87,' and so forth. Researchers have identified ELITTE87 as a variant of ransomware within the Phobos malware family.
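The renaming scheme above is regular enough to be matched mechanically, which is useful when triaging a share or a backup set after an incident. The following is an added example (not code from the article or from any vendor) that parses the `<original>.id[<victim id>].[<e-mail>].<extension>` layout described above; the regular expression, the assumed shape of the victim id (8 hex characters, a dash, 4 hex characters, inferred from the sample id), and the directory listing are all constructed for the example. Because the extension is captured as a group, the parser also accepts other Phobos-style names and reports which variant extension was seen.

```python
import re
from collections import Counter
from typing import Optional

# Phobos-style encrypted filename layout, inferred from the ELITTE87 examples:
#   <original name>.id[<victim id>].[<contact e-mail>].<variant extension>
# The victim-id shape (8 hex characters, a dash, 4 hex characters) is an
# assumption based on the sample id "9ECFA74E-3592".
ENCRYPTED_NAME_RE = re.compile(
    r"^(?P<original>.+?)"
    r"\.id\[(?P<victim_id>[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4})\]"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]"
    r"\.(?P<ext>[A-Za-z0-9_]+)$"
)

ELITTE87_EXTENSION = "ELITTE87"
ELITTE87_EMAIL = "helpdata@zohomail.eu"


def parse_encrypted_name(name: str) -> Optional[dict]:
    """Split a Phobos-style encrypted filename into its parts, or return None
    if the name does not follow that layout."""
    match = ENCRYPTED_NAME_RE.match(name)
    return match.groupdict() if match else None


def is_elitte87(name: str) -> bool:
    """True only for names carrying the ELITTE87 extension and contact address."""
    parts = parse_encrypted_name(name)
    return (
        parts is not None
        and parts["ext"] == ELITTE87_EXTENSION
        and parts["email"].lower() == ELITTE87_EMAIL
    )


def triage(names) -> dict:
    """Summarise a directory listing: how many files look encrypted, which
    variant extensions, victim ids and contact addresses appear, and the
    original names that were affected."""
    hits = [p for p in map(parse_encrypted_name, names) if p is not None]
    return {
        "encrypted": len(hits),
        "by_extension": dict(Counter(p["ext"] for p in hits)),
        "victim_ids": sorted({p["victim_id"] for p in hits}),
        "contact_emails": sorted({p["email"] for p in hits}),
        "originals": [p["original"] for p in hits],
    }


# Constructed directory listing for demonstration (not real victim data).
SAMPLE_LISTING = [
    "1.pdf.id[9ECFA74E-3592].[helpdata@zohomail.eu].ELITTE87",
    "2.jpg.id[9ECFA74E-3592].[helpdata@zohomail.eu].ELITTE87",
    "quarterly report.xlsx.id[9ECFA74E-3592].[helpdata@zohomail.eu].ELITTE87",
    "info.txt",           # the ransom note itself is left readable
    "archive.id.backup",  # contains "id" but not the encrypted layout
    "photo.jpeg",         # untouched file
]

if __name__ == "__main__":
    for name in SAMPLE_LISTING:
        print(f"{name!r}: elitte87={is_elitte87(name)}")
    print(triage(SAMPLE_LISTING))
```

`triage` is deliberately read-only: it reports what was hit so the affected originals can be cross-checked against backups, and it never renames anything, since the note itself warns that renaming encrypted files can complicate recovery.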

The ELITTE87 Ransomware Can Lock Various Sensitive and Important Data

The ransom note issued by the ELITTE87 Ransomware delivers a stark message to its victims, informing them that their data has been encrypted and downloaded by cybercriminals. It asserts that the only means of unlocking this data is through the proprietary software provided by the perpetrators. The note explicitly warns against attempting to decrypt the data independently or resorting to third-party software, cautioning that such actions could lead to irreversible data loss.

Furthermore, the note dissuades victims from seeking assistance from intermediary or recovery companies, insinuating that such endeavors may exacerbate the situation or result in further data compromise. It assures victims that the incident of data theft will be kept confidential.

Moreover, the ransom note pledges that upon payment of the ransom, all downloaded data will be erased from the cybercriminals' systems. It emphasizes that the victim's personal information will not be sold or exploited maliciously. A strict deadline of 2 days is imposed for the victim to initiate contact with the cybercriminals and commence the ransom transaction.

Failure to comply within this timeframe purportedly triggers the sharing of the data with interested parties, with the blame squarely placed on the victim. Contact details, including specific email addresses with instructions on how to communicate with the cybercriminals, are provided in the note for the victim's reference.

The ELITTE87 Ransomware May Make the Infected Device More Vulnerable to Malware Threats

The ELITTE87 Ransomware poses a multifaceted threat beyond just encrypting files. It also disables the firewall on the infected system, leaving it more exposed to further malicious activity. Moreover, it deliberately deletes Shadow Volume Copies, a Windows feature that could otherwise be used to restore files, which makes data recovery considerably harder.

In addition to these capabilities, ELITTE87 can gather location data, exclude certain locations from its operations, and set up persistence mechanisms, which help it evade detection and prolong its impact on the compromised system. It's worth noting that ransomware variants like ELITTE87, which are affiliated with the Phobos family, often exploit weaknesses in Remote Desktop Protocol (RDP) services as a means to infiltrate systems, underscoring the importance of securing such services.
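Both behaviours described above (removing Shadow Volume Copies and turning the firewall off) surface in process-creation telemetry before the encryption itself finishes, so they are worth alerting on. The following is an added example, not code from the article: a small detector that runs two rules over constructed process-creation events and then correlates them by parent process. The concrete command lines it looks for are assumptions about how these actions usually appear on Windows (the built-in `vssadmin`, `wmic` and `netsh` tools); the event records, field names and the dropper path `update.exe` are invented for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Behaviours the article attributes to ELITTE87, expressed as regular
# expressions over the command line of a process-creation event. The concrete
# commands are assumptions (the usual built-in tools for these actions), not
# indicators taken from the article.
RULES: Dict[str, re.Pattern] = {
    "shadow_copy_deletion": re.compile(
        r"\b(?:vssadmin(?:\.exe)?\s+delete\s+shadows"
        r"|wmic(?:\.exe)?\s+shadowcopy\s+delete)\b",
        re.IGNORECASE,
    ),
    "firewall_disabled": re.compile(
        r"\bnetsh(?:\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off\b",
        re.IGNORECASE,
    ),
}


@dataclass
class Finding:
    rule: str
    ts: str
    parent: str
    cmdline: str


def detect(events: List[dict]) -> List[Finding]:
    """Apply every rule to every event's command line; one Finding per hit."""
    findings = []
    for event in events:
        for rule, pattern in RULES.items():
            if pattern.search(event["cmdline"]):
                findings.append(Finding(rule, event["ts"], event["parent"], event["cmdline"]))
    return findings


def correlate(findings: List[Finding]) -> List[str]:
    """Group findings by parent process. A single parent that both removes the
    shadow copies and switches the firewall off is the combination worth
    paging on; either alone can be legitimate administration."""
    rules_by_parent: Dict[str, set] = {}
    for finding in findings:
        rules_by_parent.setdefault(finding.parent, set()).add(finding.rule)
    return sorted(parent for parent, rules in rules_by_parent.items() if len(rules) >= 2)


# Constructed process-creation records (not real telemetry), loosely modelled
# on the fields a Sysmon- or EDR-style event carries.
SAMPLE_EVENTS = [
    {"ts": "2024-04-02T09:14:03Z", "parent": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "cmdline": "vssadmin delete shadows /all /quiet"},
    {"ts": "2024-04-02T09:14:04Z", "parent": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "cmdline": "netsh advfirewall set allprofiles state off"},
    {"ts": "2024-04-02T09:20:11Z", "parent": r"C:\Windows\explorer.exe",
     "cmdline": "vssadmin list shadows"},                      # read-only, should not fire
    {"ts": "2024-04-02T09:21:40Z", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "netsh advfirewall show allprofiles"},         # read-only, should not fire
    {"ts": "2024-04-02T09:30:00Z", "parent": r"C:\Program Files\BackupAgent\agent.exe",
     "cmdline": "wmic shadowcopy call create Volume=C:\\"},    # creates, does not delete
]

if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for hit in hits:
        print(f"{hit.ts} {hit.rule}: {hit.cmdline}  (parent {hit.parent})")
    print("suspicious parents:", correlate(hits))
```

The two-rule correlation keeps the noise down: administrators do delete old shadow copies and do change firewall state, but rarely from the same short-lived parent process in the user's Temp directory.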

Crucial Measures to Implement on Your Devices to Protect Them from Ransomware Threats

Implementing crucial measures on users' devices is essential for safeguarding against ransomware threats. Here are several key steps:

  • Keep Software Updated: Regularly update operating systems, applications, and security software on all devices. Updates often include patches for known vulnerabilities that cybercriminals exploit to install ransomware.
  • Install Security Software: Use reputable anti-malware software and keep it updated. This software can detect and block ransomware threats before they can cause damage.
  • Enable Firewall Protection: Activate any available built-in firewall on devices to monitor and control incoming and outgoing network traffic, acting as an additional layer of defense against ransomware and other cyber threats.
  • Employ Email Security Measures: Implement robust email security measures, including spam filters and email scanning for unsafe attachments or links. Teach users to recognize phishing attempts and to avoid clicking suspicious links or opening attachments from unknown sources.
  • Back Up Data Regularly: Create backups of essential data and ensure that they are stored securely offline or in the cloud. In the event of a ransomware attack, having up-to-date backups can aid in restoring data without paying the ransom.
  • Use Strong Passwords and Multi-factor Authentication (MFA): Enforce the use of strong, unique passwords for all accounts and enable multi-factor authentication wherever possible. MFA adds more security by requiring users to verify their identity through another method, such as a code sent to their phone.
  • Limit User Privileges: Restrict user privileges to only what is necessary for their roles. This helps prevent ransomware from spreading across the network and accessing sensitive data.
  • Educate Users: Provide regular cybersecurity awareness training to users to educate them about ransomware, phishing techniques, current threats, and best practices for staying safe online. Teach them how to recognize suspicious behavior and report potential security incidents promptly.

By implementing these crucial measures on users' devices, organizations can significantly decrease the risk of falling victim to ransomware attacks and mitigate the potential impact on their operations and data.

The full text of the ransom note left to the victims of the ELITTE87 Ransomware reads:

'Your data is encrypted and downloaded!

Unlocking your data is possible only with our software.
Important! An attempt to decrypt it yourself or decrypt it with third-party software will result in the loss of your data forever.
Contacting intermediary companies, recovery companies will create the risk of losing your data forever or being deceived by these companies.
Being deceived is your responsibility! Learn the experience on the forums.

Downloaded data of your company.

Data leakage is a serious violation of the law. Don't worry, the incident will remain a secret, the data is protected.
After the transaction is completed, all data downloaded from you will be deleted from our resources. Government agencies, competitors, contractors and local media
not aware of the incident.
Also, we guarantee that your company's personal data will not be sold on DArkWeb resources and will not be used to attack your company, employees
and counterparties in the future.
If you have not contacted within 2 days from the moment of the incident, we will consider the transaction not completed.
Your data will be sent to all interested parties. This is your responsibility.

Contact us.

Write us to the e-mail:helpdata@zohomail.eu
In case of no answer in 24 hours write us to this e-mail:email.recovery24@onionmail.org
Write this ID in the title of your message: -
If you have not contacted within 2 days from the moment of the incident, we will consider the transaction not completed.
Your data will be sent to all interested parties. This is your responsibility.

Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
