Infected (MedusaLocker) Ransomware

During the process of analyzing malware, security researchers have come across a particularly concerning type of ransomware, which has been designated as the infected Ransomware. This specific threat has garnered significant attention due to its threatening capabilities and distinctive characteristics.

The Infected Ransomware operates by infiltrating targeted devices and then proceeding to encrypt the files stored on them. To further obfuscate the files and make them inaccessible to the victim. The ransomware also appends the '.infected' extension to their original filenames. Additionally, it leaves behind a ransom note titled 'HOW_TO_BACK_FILES.html,' which serves as a means for the attackers to communicate with the victim and demand a ransom payment.

It is worth noting that there has been a previous ransomware strain bearing the name 'Infected.' However, this new variant distinguishes itself by belonging to the MedusaLocker Ransomware family, indicating a potentially different set of tactics, techniques and procedures employed by the cybercriminals behind it.

The Infected (MedusaLocker) Ransomware Renders Victims' Data Unusable

The ransom note informs the victims that their crucial files have been subjected to encryption. The emphasis is on the fact that these files remain physically intact but are rendered inaccessible through the use of a powerful encryption mechanism combining RSA and AES algorithms.

However, the note sternly warns against attempting any file restoration endeavors with third-party software as this could damage the files. It also advises against any alterations or renaming of the encrypted files, further emphasizing the precarious situation in which the victim finds themselves.

The Infected Ransomware states that highly sensitive or personal data has been collected from the compromised system, and the data is now stored on a private server under the control of the attackers. This data serves as leverage - should the victim opt not to comply with the ransom demands, the cybercriminals threaten to expose the information to the public or sell it to a third party.

In an attempt to establish contact, the ransom note provides several avenues. It offers a Tor-based URL, a secure and anonymous network, for initiating communication with the ransomware operators. Additionally, the note supplies email addresses, specifically ithelp02@securitymy.name and ithelp02@yousheltered.com, as alternative means of contact.

To further intensify the pressure, a time-sensitive element is introduced. The ransom amount is subject to increase if the victim fails to initiate contact with the operators within a stringent 72-hour window, creating a sense of urgency and compounding the victim's dilemma.

Make Sure to Implement Effective Security Measures Against Malware Infections

Effective security measures against malware infections are crucial for protecting your devices and data from harmful software threats. Here are several measures that users can implement to bolster their security:

• Install Anti-Malware Software: Utilize reputable anti-malware software on your devices. Keep these programs up to date and enable real-time scanning to detect and remove malware.
•   Regularly Update Software: Ensure that your operating system, applications, and software are kept up to date with the latest security patches. Cybercriminals often target known vulnerabilities.
•   Use a Firewall: Enable a firewall on your devices to monitor and control incoming and outgoing network traffic. This can help prevent unauthorized access and malware communication.
•   Be Specially Cautious with Email Attachments and Links: Email attachments and links, especially from unknown or suspicious sources, should be handled carefully. Avoid opening attachments or links from unverified senders.
•   Practice Safe Browsing: Only visit reputable websites and when getting files from the Internet, verify the source before taking any action. Avoid interacting with pop-up advertisements or downloading software from untrustworthy sources.
•   Backup Your Data: Back up your important files and data to an external drive or a secure cloud storage service. In case of a malware infection, you can restore your data without paying a ransom.
•   Implement Strong Passwords: All your accounts should use well-built, unique passwords, and you should consider the use of a password manager to keep track of them. Change passwords regularly, especially for critical accounts.
•   Keep Yourself Educated: Stay informed about the latest malware threats and common attack techniques. Educate yourself and your family members or colleagues on safe online practices.

By implementing these security measures and maintaining vigilance while using your devices and navigating the online world, you can significantly reduce the risk of falling victim to malware infections and other cyber threats.

The full text of the Infected (MedusaLocker) Ransomware's ransom note is:

'YOUR PERSONAL ID:

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion

Note that this server is available via Tor browser only

Follow the instructions to open the link:

Type the addres "hxxps://www.torproject.org" in your Internet browser. It opens the Tor site.

Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.

Now you have Tor browser. In the Tor Browser open qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion

Start a chat and follow the further instructions.
If you can not use the above link, use the email:
ithelp02@securitymy.name
ithelp02@yousheltered.com

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.'