LEAKS Ransomware
The LEAKS Ransomware is a file-locker, which is likely to target businesses and organizations, instead of regular users. Its creators use an attack, which includes two stages – extracting important files from the victim's machine and then encrypting them. By collecting files, the criminals gain an extra option to extort their victims. They threaten to leak the files online unless they receive a ransom fee via Bitcoin.
The LEAKS Ransomware is likely to reach its targets through spearphishing emails, usually urging users to download a file. While in most cases the file is an attachment, it may also be on a 3rd-party site that the email links to. If a victim ends up launching the LEAKS Ransomware, they may lose access to most of their files immediately. The ransomware encrypts the hard drive and also tries to damage data on removable storage devices or shared networks storage. It then adds the '.LEAKS' suffix to the name of every file it locks.
LEAKS Ransomware's Authors Threaten to Leak Files
Of course, it also drops a ransom note on the victim's machine – 'LEAKS!!!DANGER.txt.' This text advises victims to pay a ransom fee immediately if they wish to keep their data private, and restore it. The crooks offer to unlock two files for free as well. They provide a TOR link for the payment page, as well as several emails - Dwightschuh@tutanota.com, Joannbeavers@protonmail.com, and Ralphshaver@onionmail.org.
Unfortunately, dealing with this attack is not easy at all. Even if you restore files from a backup, you would still be unable to prevent the criminals from leaking the data. They use the website Corpleaks.net to do this – thankfully, it seems to be offline. However, this does not prevent them from using other methods to leak the data of their victims online. Instead of paying them, you should run an anti-virus tool to eliminate the malware. After this, try out alternative data recovery options and tools.
