Errz Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Ranking: | 5,270 |
Threat Level: | 100 % (High) |
Infected Computers: | 6,953 |
First Seen: | May 9, 2022 |
Last Seen: | September 18, 2023 |
OS(es) Affected: | Windows |
The Errz Ransomware is a treacherous malware that cybersecurity experts have classified as being a STOP/Djvu variant. Despite lacking any major improvements over the rest of the threatening variants, Errz Ransomware's destructive capabilities remain significant. Computers infected by the threat will have the data stored on them encrypted with a strong cryptographic algorithm. Afterward, victims will find themselves unable to access any of the locked files.
As part of its actions, the threat also will modify the names of the targeted files, by appending '.errz' to them as a new file extension. Affected users also will notice the appearance of a new text file on the breached device. The file will have a name similar to '_readme.txt' and be responsible for delivering a ransom note with instructions from the cybercriminals.
Demands' Overview
The ransom-demanding message left by Errz, reveals that the hackers expect to be paid a ransom of $980 if they are to assist in the restoration of the encrypted files. After paying the money, users are told that they will receive a software tool and the necessary decryption keys. However, like most STOP/Djvu variants, Errz also mentions that users who establish contact with the attackers within the first 72 hours will only need to pay 50% of the initial ransomware amount.
According to the ransom note, victims can message the cybercriminals via two email addresses ('restorealldata@firemail.cc' and 'gorentos@bitmessage.ch') and a Telegram account at '@datarestore.' A single locked file can be attached to the message. The attackers state that if the chosen file doesn't contain any valuable information, it will be unlocked and returned to the user for free.
The full set of instructions left by Errz Ransomware is:
'ATTENTION!
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-WbgTMF1Jmw
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
restorealldata@firemail.ccReserve e-mail address to contact us:
gorentos@bitmessage.chOur Telegram account:
@datarestoreYour personal ID:'