Imshifau Ransomware
The Imshifau Ransomware is a threat that can cause massive damage to the systems it manages to infect. By utilizing strong cryptographic algorithms, the threat is capable of locking the most widely-used filetypes including documents, PDFs, databases, archives, images, photos, etc. Users will find themselves unable to access the affected files at all. The Imshifau Ransomware changes the names of the encrypted files completely. It substitutes them with a random string followed by the '.Imshifau' extension. Victims will be left with a ransom note placed inside a text file named 'INFO OF DECRYPT.TXT.' The note-bearing file will be generated on the Desktop of the affected device.
The message doesn't mention the exact sum demanded by the hackers as ransom. However, the users are warned, that if they do not establish contact within 72 hours the price will be increased. Two email addresses are provided as means of communication - 'Imshifau@tutanota.com' and 'Imshifau@vegeta.cyou.' Victims can attach up to three files to their initial message that will then will supposedly be decrypted and returned. The files must not exceed 5MB in total size or containing valuable data.
The full text of the note is:
'Attention.
Vulnerabilities have been found on your system.
Your file system is damaged. All your files are encrypted, but they are completely intact.
All files are encrypted with a complex strong key AES 256, RSA and so on.
Don't use an antivirus. It can corrupt files and all cannot be recovered.
You have been assigned a unique identifier.
After infection, you have 76 hours to declare decryption. After the expiration of 76 hours, decryption cost will be automatically increased.
Do not use third-party file recovery or decryption software. They do not work. They mess up files.
Detailed information can be obtained by mail Imshifau@tutanota.com
To receive instructions on decryption, write to the mail Imshifau@tutanota.com
To get the decryption keys and the decryption program, write to the mail Imshifau@vegeta.cyouYour personal identifier:
Now you should send us email with your personal identifier.
Contact us using this email address: Imshifau@tutanota.comFree decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 5Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.
Second support: Imshifau@vegeta.cyou.'
