Explus Ransomware
Cybercriminals are using the Explus Ransomware threat to lock the data of their victims and then extort them for money. Indeed, the harmful threat is designed to affect numerous different files types - documents, PDFs, databases, archives, images, photos, etc., and leave them in a completely unusable and inaccessible state. Affected users also will notice quickly that all of the encrypted files now have '.explus' added to their original names. A ransom note with instructions also will be dropped on every compromised device. The message will be placed inside a newly created text file named 'RECOVERY INFOMRATION.txt.'
Ransom Not's Overview
The note left by the Explus Ransomware states that recovery of the encrypted files is possible. However, to receive the necessary decryption tool from the cybercriminals, users will need to pay a ransom. The exact sum demanded by the attackers is not revealed in the note. Instead, the attackers offer to decrypt several non-important files and then use them to calculate the price for all of the victim's locked data. Communication is supposed to be carried through the email address of the hackers at 'explus@tutanota.com.'
The entire set of instructions left by the malware is:
'YOUR FILES ARE ENCRYPTED !!!
TO DECRYPT, FOLLOW THE INSTRUCTIONS:
To recover data you need decrypt tool.
To get the decrypt tool you should:
1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool!
4.We can decrypt few files in quality the evidence that we have the decoder.CONTACT US:
explus@tutanota.comYOUR PERSONAL ID:'
