
LEAKDB Ransomware

Researchers have discovered a new harmful threat known as the LEAKDB Ransomware. This type of malware falls into the category of ransomware, designed to encrypt data on infected devices and demand payment for the decryption of files. The modus operandi of the LEAKDB Ransomware involves infecting devices and encrypting the files present on them. Additionally, the threat alters the names of the affected files by appending a unique ID assigned to the victim, the email address of the cyber criminals, and a '.LEAKDB' extension. For instance, a file originally named '1.jpg' might appear as '1.jpg.id[8ECFA94E-3143].[pcsupport@skiff.com].LEAKDB'.

Upon completing the encryption process, the LEAKDB Ransomware delivers ransom notes in the form of a pop-up window named 'info.hta' and a text file named 'info.txt.' These files are deposited into every encrypted directory and on the desktop. Analysis of the messages contained in these notes reveals that LEAKDB primarily targets companies rather than individual home users. Notably, researchers have identified the LEAKDB Ransomware as a variant belonging to the Phobos Ransomware family. This underscores the sophistication and evolving nature of ransomware threats, with LEAKDB demonstrating a specific focus on corporate entities in its malicious activities.
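The renaming scheme and note file names described above are the most reliable host-side indicators a responder has. The following is an added example (not code from the original page or from any vendor) that parses the '<original>.id[<victim ID>].[<email>].LEAKDB' pattern and scans a file listing for encrypted files and for the 'info.hta' / 'info.txt' notes. The 8-4 hex-digit width of the victim ID is inferred from the page's single example and is an assumption; the sample listing is constructed.

```python
import re

# Filename pattern described on the page: <original>.id[<victim ID>].[<email>].LEAKDB
# Assumption: the victim ID is 8 hex digits, a dash, then 4 hex digits, as in the page's example.
LEAKDB_NAME_RE = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4})\]"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.LEAKDB$"
)

# Ransom note names given on the page (matched case-insensitively).
RANSOM_NOTE_NAMES = {"info.hta", "info.txt"}


def parse_leakdb_name(filename):
    """Return the original name, victim ID and contact email encoded in a
    LEAKDB-style filename, or None if the name does not follow the pattern."""
    m = LEAKDB_NAME_RE.match(filename)
    return m.groupdict() if m else None


def scan_listing(paths):
    """Classify a list of file paths (backslash or slash separated) and summarise
    the LEAKDB indicators found: encrypted files, victim IDs, contact emails and
    the directories where ransom notes were dropped."""
    encrypted = []
    note_dirs = set()
    for p in paths:
        directory, _, name = p.replace("\\", "/").rpartition("/")
        if name.lower() in RANSOM_NOTE_NAMES:
            note_dirs.add(directory)
            continue
        fields = parse_leakdb_name(name)
        if fields:
            encrypted.append({"path": p, **fields})
    return {
        "encrypted_files": encrypted,
        "victim_ids": sorted({e["victim_id"] for e in encrypted}),
        "contact_emails": sorted({e["email"] for e in encrypted}),
        "ransom_note_dirs": sorted(note_dirs),
    }


# Constructed sample listing for the example; not data from a real incident.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\1.jpg.id[8ECFA94E-3143].[pcsupport@skiff.com].LEAKDB",
    r"C:\Users\alice\Documents\report.docx.id[8ECFA94E-3143].[pcsupport@skiff.com].LEAKDB",
    r"C:\Users\alice\Documents\info.txt",
    r"C:\Users\alice\Documents\info.hta",
    r"C:\Users\alice\Pictures\holiday.png",
    r"C:\Windows\System32\kernel32.dll",
]

if __name__ == "__main__":
    result = scan_listing(SAMPLE_LISTING)
    print(f"{len(result['encrypted_files'])} encrypted file(s); "
          f"victim IDs {result['victim_ids']}; "
          f"contact {result['contact_emails']}; "
          f"notes in {result['ransom_note_dirs']}")
```

Run against a directory walk of a suspect host (or against a file-server listing), the victim ID and email recovered from the names are what the note asks the victim to quote, so they tie the encrypted files, the note and the campaign together for an incident ticket. Because the extension is matched exactly, a different Phobos variant with another suffix will not be reported; the regex is specific to LEAKDB on purpose.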

The LEAKDB Ransomware May Cause Significant Damage to Infected Systems

The ransom notes issued by the attackers serve as a notification to the victim that their files have not only been encrypted but also exfiltrated by the attackers. These notes explicitly caution against using online decryption tools or seeking assistance from third parties, asserting that such actions could lead to irreversible data loss. The victim is given a two-day window to establish contact with the attackers, strongly implying that a monetary payment is expected. The messages further outline the potential consequences of non-compliance, emphasizing the threat of leaking the company's data if the victim fails to meet the cyber criminals' demands.

Malicious programs of the Phobos Ransomware family, exemplified by LEAKDB, are capable of encrypting both local and network-shared files. Notably, this malware can encrypt files that would otherwise be skipped because they are "in use" by terminating the processes holding them open (e.g., database programs, document readers, etc.).

LEAKDB deliberately skips critical system files so that the infected device remains operational. It also attempts to avoid double-encrypting files already affected by other ransomware. This check is not foolproof, however, because it relies on an exclusion list that may not cover every known ransomware variant.

To impede file recovery, these ransomware programs are able to delete the Shadow Volume Copies. Moreover, they establish persistence by copying themselves to the %LOCALAPPDATA% path and registering that copy under specific Run keys, so that the malware starts automatically after each system reboot. Together these mechanisms show the thorough nature of LEAKDB's tactics.
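The persistence location just described (a copy under %LOCALAPPDATA% registered in a Run key) can be checked from an exported Run-key listing. Below is an added example that is not code from the original page: it takes Run-key values as plain dictionaries, expands %VAR% references with a caller-supplied environment so it runs the same way off-box, and reports every entry whose executable lives under %LOCALAPPDATA%. The Run-key names are the standard HKCU/HKLM locations; the value names, command lines and environment values are constructed for the example.

```python
import ntpath

# Standard Run keys; the page names "Run keys" as the persistence location.
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)


def executable_from_command(command):
    """Extract the program path from a Run-key command line, honouring a
    leading quoted path so paths containing spaces are kept whole."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def expand_windows_vars(path, env):
    """Minimal %VAR% expansion against a caller-supplied environment, so the
    check behaves identically whether run on Windows or on an analysis box."""
    out = path
    for name, value in env.items():
        out = out.replace(f"%{name}%", value)
    return out


def find_localappdata_run_entries(run_entries, env):
    """run_entries maps a Run key to {value_name: command}. Returns the entries
    whose executable resolves to a path under %LOCALAPPDATA%."""
    base = ntpath.normcase(ntpath.normpath(env["LOCALAPPDATA"]))
    hits = []
    for key, values in run_entries.items():
        for value_name, command in values.items():
            exe = expand_windows_vars(executable_from_command(command), env)
            exe_norm = ntpath.normcase(ntpath.normpath(exe))
            if exe_norm.startswith(base + "\\"):
                hits.append({"key": key, "value": value_name, "exe": exe})
    return hits


# Constructed environment and Run-key contents for the example (not from a real host).
SAMPLE_ENV = {
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
    "ProgramFiles": r"C:\Program Files",
}
SAMPLE_RUN_ENTRIES = {
    RUN_KEYS[0]: {
        # A legitimate application that also installs per-user under LOCALAPPDATA.
        "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
        # Hypothetical entry of the kind the page describes: a copy placed in %LOCALAPPDATA%.
        "WindowsUpdateHelper": r'"%LOCALAPPDATA%\update.exe"',
    },
    RUN_KEYS[1]: {
        # Hypothetical machine-wide entry outside LOCALAPPDATA; should not be reported.
        "VendorUpdater": r'"%ProgramFiles%\Example Vendor\updater.exe" /silent',
    },
}

if __name__ == "__main__":
    for hit in find_localappdata_run_entries(SAMPLE_RUN_ENTRIES, SAMPLE_ENV):
        print(f"{hit['key']}\\{hit['value']} -> {hit['exe']}")
```

The output is a triage list rather than a verdict: as the OneDrive entry shows, legitimate per-user software is installed under the same directory, so each hit should be followed up by checking the file's signature, hash and creation time against the incident timeline. Feeding the function with a real export (for instance values read with the `winreg` module on the host) only requires building the same dictionary shape.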

Take Measures to Safeguard Your Data against Malware Threats

Safeguarding data against malware threats is crucial in maintaining the security and integrity of personal and organizational information. Here are several measures that users can implement to protect their data from malware:

  • Install Reliable Anti-malware Software: Utilize reputable anti-malware software to detect and remove malicious programs. Keep the software updated for the latest threat definitions.
  • Enable Firewall Protection: Activate and configure firewalls on devices to detect and manage incoming and outgoing network traffic, preventing unauthorized access.
  • Regular Software Updates: Keep operating systems, applications, and software up to date with the latest security patches. Regular updates help address vulnerabilities that malware may exploit.
  • Exercise Caution with Email Attachments: Avoid opening email attachments from suspicious or unknown sources. Check the legitimacy of the sender before clicking on any links or downloading attachments.
  • Use Strong, Unique Passwords: Employ complex passwords and avoid using the same password across multiple accounts. This simple practice reduces the risk of unauthorized access in case one account is compromised.
  • Backup Data Regularly: Create and maintain regular backups of important data. Store backups on external devices or in secure cloud services to ensure data recovery in case of a malware attack.
  • Educate and Train Users: Provide education and training on recognizing phishing attempts, suspicious websites, and the importance of exercising caution while online.
  • Secure Wi-Fi Networks: Set strong passwords for Wi-Fi networks and use WPA3 encryption. Regularly update router login credentials to prevent unauthorized access.
  • Stay Informed About Cyber Threats: Keep yourself abreast of the latest cybersecurity threats and best practices. Stay informed about emerging malware trends to adapt security measures accordingly.

By adopting these proactive measures, users can significantly enhance their defenses against malware threats and mitigate the risk of data compromise.

The full ransom note of LEAKDB Ransomware reads:

'Your data is encrypted and downloaded!

Unlocking your data is possible only with our software.
Important! An attempt to decrypt it yourself or decrypt it with third-party software will result in the loss of your data forever.
Contacting intermediary companies, recovery companies will create the risk of losing your data forever or being deceived by these companies. Being deceived is your responsibility! Learn the experience on the forums.

Downloaded data of your company
Data leakage is a serious violation of the law. Don't worry, the incident will remain a secret, the data is protected.
After the transaction is completed, all data downloaded from you will be deleted from our resources. Government agencies, competitors, contractors and local media not aware of the incident.
Also, we guarantee that your company's personal data will not be sold on DArkWeb resources and will not be used to attack your company, employees and counterparties in the future.
If you have not contacted within 2 days from the moment of the incident, we will consider the transaction not completed. Your data will be sent to all interested parties. This is your responsibility.

Contact us
Write us to the e-mail: pcsupport@skiff.com
In case of no answer in 24 hours write us to this e-mail: pctalk01@tutanota.com
Write this ID in the title of your message -
If you have not contacted within 2 days from the moment of the incident, we will consider the transaction not completed. Your data will be sent to all interested parties. This is your responsibility.

Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
