Iskaluz Ransomware

The Iskaluz Ransomware is not an entirely new malware strain; analysis has revealed that it is a variant of the Paradise Ransomware family. However, the danger the threat poses should not be underestimated. If Iskaluz is deployed successfully on a targeted computer, it will cause severe damage by locking most of the data stored there. The goal of the attackers is to take the documents, PDFs, archives, databases, photos, etc., hostage and extort their victims for money.

During the encryption process, Iskaluz will also leave its mark on the names of the affected files. More specifically, the threat will append an email address controlled by its operators and a new file extension to each original file name. The email address in question is 'iskaluz@protonmail.com', while the file extension is '.iskaluz'. Finally, the malware will generate a new text file named '#DECRYPT MY FILES#.txt' on the breached system's desktop. This file contains a ransom note with instructions for the victims.

Demands Overview

In the ransom note, the cybercriminals behind Iskaluz state that they want to receive a ransom of exactly $400. The funds must be transferred to the crypto-wallet address provided in the note. The hackers will accept only payments made in Bitcoin, arguably the most widely accepted cryptocurrency.

After sending the money, victims are instructed to email the transaction ID to the attackers. Users also are expected to locate a file named DecryptionInfo that the Iskaluz Ransomware should have created in the Documents folder of the infected system and send it to the hackers as well.

The full text of the note is:

'YOUR FILES HAVE BEEN ENCRYPTED !!

Our Email: ( iskaluz@protonmail.com )

[Follow these steps, if you want the key that decrypts your files]

Send 400$ worth of Bitcoin to our wallet address: ( 3CFMYb3QbWKpJZgWfufGfBKChp6dZDhs5h )
This website may help you to buy Bitcoin ( buybitcoinworldwide.com )

Email us the payment transaction ID (TxID) with the file named ( DecryptionInfo ) which is in your Documents folder

[ATTENTION]

Do not rename your encrypted files

Do not try to decrypt your files using third-party software, it may cause permanent files loss

Decrypting your files with the help of third parties may increase the fee, they add their fee to ours.'
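
For responders scoping an affected host, the file-name indicators described above can be checked with a short triage script. This is an added example, not code from the original page; the function names and the constructed sample file names are assumptions, and because the page does not give the exact layout of the appended suffix, the script only requires the email address to appear somewhere in the name.

```python
import os
import tempfile

# Indicators taken from the description above.
EXTENSION = ".iskaluz"
CONTACT_EMAIL = "iskaluz@protonmail.com"
NOTE_NAME = "#DECRYPT MY FILES#.txt"
INFO_NAME = "DecryptionInfo"


def triage(root):
    """Walk root and group files that match the indicators described above."""
    report = {"encrypted": [], "extension_only": [], "notes": [], "decryption_info": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(EXTENSION):
                # Exact suffix layout is not documented on the page, so only
                # require the contact email somewhere in the file name.
                key = "encrypted" if CONTACT_EMAIL in lower else "extension_only"
                report[key].append(path)
            elif lower == NOTE_NAME.lower():
                report["notes"].append(path)
            elif os.path.splitext(name)[0].lower() == INFO_NAME.lower():
                # Preserve this file as evidence; the note refers to it.
                report["decryption_info"].append(path)
    return report


def build_sample_tree(root):
    """Create constructed, empty sample files under root (demo input only)."""
    names = [
        ("Documents", "budget.xlsx." + CONTACT_EMAIL + EXTENSION),  # assumed layout
        ("Documents", "photo.jpg" + EXTENSION),
        ("Documents", "notes.txt"),
        ("Documents", INFO_NAME),
        ("Desktop", NOTE_NAME),
    ]
    for folder, name in names:
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, paths in triage(tmp).items():
            print(kind, len(paths))
```

Files reported under `extension_only` carry the extension without the email address and deserve a manual look before being counted as encrypted.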