Multi-Device Licenses (Volume Discounts)

Change Region

English Čeština Dansk Deutsch Eesti Español Français Hrvatski Italiano Nederlands Polski Português Suomi
Threat Database Ransomware FLYU Ransomware

FLYU Ransomware

By GoldSparrow in Ransomware
Translate To:
English

The FLYU Ransomware is yet another potent ransomware threat spawned from the prolific Dharma malware family. FLYU doesn't deviate much from the established formula for Dharma Ransomware variants. The FLYU Ransomware encrypts the files on the compromised computer and demands a ransom payment in exchange for their restoration. All encrypted files will have their original filenames modified significantly. The FLYU Ransomware will append a unique string representing the specific victim's ID, followed by an email address that belongs to the hackers, and finally '.FLYU' as a new extension. The email address used in the naming of the locked files is 'yourfiles1@tutanota.com.'

The FLYU Ransomware deploys two different ransom notes with instructions for its victims. The first one is dropped as a text file named 'FILES ENCRYPTED.txt' in every folder containing the compromised data. As far as useful information goes, it simply provides two email addresses that should be used for communication - yourfiles1@tutanota.com and yourfiles1@cock.li. The basic instructions are delivered in a pop-up window. There, the FLYU Ransomware victims are told to use the second email address only if a response didn't arrive within 12 hours from sending an email to the first address. The note doesn't mention a specific sum, or if the payment must be made in Bitcoin or any other cryptocurrency.

The instructions found in the text file are:

'all your data has been locked us

You want to return?

write email yourfiles1@tutanota.com or yourfiles1@cock.li'

The full text of the pop-up note is:

'YOUR FILES ARE ENCRYPTED

Don't worry,you can return all your files!

If you want to restore them, follow this link: email yourfiles1@tutanota.com YOUR ID -

If you have not been answered via the link within 12 hours, write to us by email:yourfiles1@cock.li

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a tactic.'

Trending

Most Viewed

Loading...