Futm Ransomware

Futm Ransomware Description

It seems that the STOP/Djvu Ransomware family is still popular among cybercriminals, and more threats based on it are being deployed in attack operations. One such variant detected by infosec experts is the Futm Ransomware. Despite lacking any major improvements over the countless other STOP/Djvu variants, Futm is still a potent threat that can wreak havoc on the systems it manages to infect. Other examples of ransomware threats include PencilCry, HELPME, iisa and more.

Indeed, the threat is capable of impacting a wide array of file types, rendering them completely inaccessible and unusable. Victims will lose their documents, archives, databases, photos, videos, PDFs, etc. The hackers will then demand a ransom in exchange for supplying the affected users with the decryption key necessary to restore the data.

Each encrypted file will be marked with a new extension appended to its original name. In this case, the new extension is '.futm'. Afterward, once the threat has no more suitable files to lock, it will drop a ransom note with instructions for its victims. The ransom-demanding message will be delivered to the compromised device as a text file named '_readme.txt'.

Ransom Note Details

The ransom note reveals that to get the decryption key from the attackers, victims will have to pay them a ransom of $980. However, if the note can be trusted, there is a way to cut that price in half to $490. Apparently, the only condition is that victims establish contact with the hackers within the first 72 hours of Futm Ransomware's attack. The note also states that a single locked file can be sent to be decrypted and returned for free.

For this purpose, users are provided with two email addresses that can be used as communication channels. The primary email is 'manager@mailtemp.ch', while 'helprestoremanager@airmail.cc' serves as a reserve address.

The full text of the note is:

'ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-UGk4ct402i
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
manager@mailtemp.ch

Reserve e-mail address to contact us:
helprestoremanager@airmail.cc

Your personal ID:'
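
A read-only triage sketch built on the indicators described above (the '.futm' extension, the '_readme.txt' note and the two contact addresses). It is an added example, not code from this article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article above.
LOCKED_EXT = ".futm"
NOTE_NAME = "_readme.txt"
CONTACTS = ("manager@mailtemp.ch", "helprestoremanager@airmail.cc")


def triage(root):
    """Walk `root` and report Futm indicators without modifying anything."""
    report = {"locked": [], "notes": [], "unconfirmed_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                # The extension is appended, so stripping it gives the original name.
                report["locked"].append((path, name[: -len(LOCKED_EXT)]))
            elif name.lower() == NOTE_NAME:
                try:
                    with open(path, "r", encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536).lower()
                except OSError:
                    text = ""
                # A file merely named _readme.txt is weak evidence; the contact
                # addresses from the note make it a confirmed match.
                key = "notes" if any(c in text for c in CONTACTS) else "unconfirmed_notes"
                report[key].append(path)
    return report


def build_sample_tree(root):
    """Constructed sample data: harmless placeholder files, not real samples."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("report.docx.futm", "photo.jpg.FUTM", "notes.txt"):
        with open(os.path.join(docs, name), "w") as fh:
            fh.write("placeholder")
    with open(os.path.join(docs, NOTE_NAME), "w") as fh:
        fh.write("ATTENTION!\nwrite on our e-mail:\nmanager@mailtemp.ch\n")
    with open(os.path.join(root, NOTE_NAME), "w") as fh:
        fh.write("Unrelated project readme\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["locked"]), "locked;", len(result["notes"]), "confirmed notes")
```

The list of original file names it recovers can be compared against backups to scope what needs restoring.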