Irjg Ransomware
Infosec researchers are continuing to discover new ransomware threats that use the infamous STOP/Djvu Ransomware as a basis. The latest variant of this family to be unearthed is named Irjg Ransomware. As is to be expected, the Irjg malware follows the same operational pattern as all the other STOP/Djvu variants. However, it is still capable of causing significant damage to compromised computers and devices. By initiating an encryption process with an uncrackable cryptographic algorithm, the threat can lock a vast number of different file types. As a result, the victims will lose access to their personal or business-related documents, archives, PDFs, databases, images, photos, etc.
During the encryption, all affected files will be marked by having '.irjg' added to their names as a new extension. Finally, the threat drops a ransom-demanding message contained inside a '_readme.txt' text file.
Ransom Note's Details
The instructions left by Irjg Ransomware are identical to the messages delivered by other STOP/Djvu threats. The note states that victims can restore their locked data by paying a ransom to the hackers who will then provide the necessary decryption tool and key. The price of this ransom is set at $980 but the amount can be decreased. If the note can be trusted, the attackers are willing to slash 50% of the ransom if the affected users initiate contact within the first 72 hours following the Irjg Ransomware infection.
Victims are provided with two email addresses that can be used for communication - 'manager@mailtemp.ch' and 'supporthelp@airmail.cc.' They also van attach a single locked file that is supposed to then be unlocked for free and returned back. The only requirement mentioned in the note is for the attached file to not contain any important information.
The full text of the note is:
'ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-xl2bbDnZSN
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
manager@mailtemp.ch
Reserve e-mail address to contact us:
supporthelp@airmail.cc
Your personal ID:'
