EXISC Ransomware
Infosec experts are warning users about a ransomware threat known as EXISC. Its primary purpose is to encrypt the data found on the devices it infects successfully. Afterward, the cybercriminals will demand payment of a fee in exchange for the decryption of the affected files.
Upon being executed, the EXISC Ransomware was observed encrypting various files and modifying their filenames by appending the '.EXISC' extension to them. For instance, affected users will notice that a file originally named '1.pdf' would be transformed into '1.pdf.EXISC,' while '2.jpg' would become '2.jpg.EXISC,' and so on.
Subsequently, the EXISC Ransomware generates a ransom note titled 'Please Contact Us To Restore.txt.' The content of this note strongly indicates that the ransomware is specifically aimed at targeting large entities rather than individual home users.
The EXISC Ransomware Attacks may Cause Significant Disruptions
The message demanding a ransom generated by EXISC Ransomware provides victims with a comprehensive overview of the compromised state of their company network. It explicitly states that the perpetrator has caused significant damage by encrypting the files, rendering them inaccessible, and also by stealing sensitive and confidential data.
The ransom note emphasizes that to recover the encrypted files and prevent the exfiltrated data from being exposed or leaked, the victim must comply with the ransom demands. Although the specific amount of the ransom is not mentioned in the note, it does specify that payment must be made in either Bitcoin or Monero cryptocurrencies.
Moreover, the EXISC Ransomware's note mentions that a certain number of files can be submitted for a test of the decryption process. This serves as a demonstration to the victim that data recovery is indeed feasible. However, it remains unspecified how many files can be included in this test decryption.
However, even if the PC user decides to pay the ransom, there is a significant risk of not receiving the promised decryption keys or software. Unfortunately, numerous cases have been reported where victims have complied with the ransom demands, only to be left without the means to restore their data. Therefore, it is strongly advised against paying the ransom as it not only fails to guarantee data recovery but also contributes to the perpetuation of this criminal activity.
Sufficient Cybersecurity Protection against Ransomware Threats is Crucial
Users can implement several effective measures to safeguard their devices and data from ransomware attacks.
First and foremost, maintaining up-to-date and robust security software is absolutely essential. Installing reputable anti-malware programs that offer real-time protection can help detect and block ransomware threats before they can infiltrate the system.
Regularly updating operating systems, software applications, and plugins is another essential step. Keeping software patched with the latest security updates helps to close known vulnerabilities that ransomware may exploit.
Educating oneself about phishing techniques and social engineering tactics is crucial. Being vigilant about suspicious emails, messages, or requests for personal information can help users avoid falling victim to ransomware delivery methods.
Regularly backing up important files and data to an offline or secure cloud storage solution is essential. This ensures that even if the original files are encrypted by ransomware, users can restore them from a clean backup.
Implementing least-privilege access controls and restricting user permissions can limit the potential impact of a ransomware attack. Users should only have the necessary access rights to perform their tasks, reducing the chances of ransomware spreading across the network.
Maintaining a proactive and vigilant approach to cybersecurity is necessary. Staying informed about the latest ransomware trends, security best practices, and emerging threats allows users to adapt their defenses accordingly and respond effectively to potential risks.
The text of the ransom note dropped by the EXISC Ransomware is:
'Hello, your company's computer is encrypted by me, and the database and data are downloaded. If you do not want me to disclose these materials, you must pay me a ransom. After receiving the ransom, I will delete all downloaded files and help you decrypt your computer, otherwise If we do, we will disclose these materials and your company will face unprecedented repercussions.
We only work for money and do not destroy your network, and we are very honest. After receiving the ransom, we will also provide you with information about the vulnerability of your system to help you fix the vulnerability to avoid re-attacks.
If you doubt our ability to decrypt files, you can send me some encrypted files and I will decrypt them to prove it.
Please pay the ransom in Bitcoin or Monero.
Please use TOX to contact me or email me.
Email:HonestEcoZ@dnmx.orgTOX ID:CD68CFDDE1FA569C2D7B9CD969CF6A86805EBE0013AC4A99F28C141F9022510D786ECFC3F042
TOX Download:hxxps://tox.chat/download.html'
