The Leeme Ransomware is a potent threat that can cause serious damage to the systems it manages to infiltrate. It runs an encryption process with a strong cryptographic algorithm that locks the files stored on the system, effectively rendering them inaccessible. Users will no longer have access to their documents, PDFs, archives, databases, music, pictures, photos, etc.
So far, the Leeme Ransomware has not been attributed to any of the established ransomware families, which could indicate that it is a fairly unique threat. It also exhibits a rarely seen trait in the way it renames the locked files. Instead of using a single new extension, as is typically the case with ransomware threats, Leeme appends a random extension to each file.
When all the targeted data has been locked, the threat changes the desktop background image and creates a text file named 'leeme.txt'. The new background displays the crypto-wallet address of the attackers, while the text file carries the full ransom note.
The text file contains a set of instructions written in both English and Spanish. Apparently, the hackers want to receive a ransom of $250 paid in Bitcoin. After transferring the funds, victims are instructed to email the address of the wallet they paid from to 'email@example.com'.
The full text of the note dropped by Leeme Ransomware is:
Su equipo ha sido infectado por un Ransomware TODOS SUS ARCHIVOS HAN SIDO CIFRADOS / Your computer has been infected by a Ransomware ALL YOUR FILES HAVE BEEN ENCRYPTED
NO ENTRE EN PÁNICO!/DON'T PANIC!
Para recuperar sus archivos debe seguir estos pasos al pié de la letra, deberá enviar 250 dólares en BITCOIN al siguiente wallet,una vez haya realizado el pago deberá ponerse en contacto con nosotros a través del siguiente email firstname.lastname@example.org en el ASUNTO del email deberá especificar PAGO CUMPLIDO en el mensaje deberá especificar el WALLET desde el que nos REALIZÓ el pago,para poder verificar que es correcto,una vez verifiquemos que usted efectuó el pago nosotros le enviaremos un email con la herramienta para recuperar sus archivos,junto a las instrucciones de uso
To recover your files you must follow these steps at the bottom of the letter, you must send 250 dollars in BITCOIN to the following wallet, once you have made the payment you must contact us through the following email email@example.com in the SUBJECT of the email must specify PAYMENT COMPLETE in the message you must specify the wallet from which you MADE the payment to us, in order to verify that it is correct, once we verify that you made the payment we will send you an email with the tool to recover your files, along with the instructions for use
Si usted no realiza el pago NADIE podrá recuperar sus archivos /
If you do not make the payment, NOBODY will be able to recover your files.
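Because Leeme gives every file a different extension, a single-extension indicator will not match it; the traces that remain are the 'leeme.txt' note and directories where nearly every renamed file carries its own unique suffix. The triage sketch below is an added example, not code from the original article or any vendor tool. It assumes the original extension is kept in front of the appended one, and the file listing, the `KNOWN` extension set and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PurePosixPath  # swap for PureWindowsPath on Windows listings

NOTE_NAME = "leeme.txt"  # ransom note file name given in the article
# Illustrative set of ordinary extensions (assumption, extend for real use).
KNOWN = {".doc", ".docx", ".pdf", ".zip", ".sql", ".mp3", ".jpg", ".png", ".txt", ".xlsx"}

def triage(paths, min_files=3, min_unique_ratio=0.8):
    """Group a file listing by directory and flag Leeme-like traces."""
    suspects = defaultdict(list)
    notes = set()
    for raw in paths:
        p = PurePosixPath(raw)
        if p.name.lower() == NOTE_NAME:
            notes.add(str(p.parent))
            continue
        sfx = [s.lower() for s in p.suffixes]
        # Assumption: a known extension survives, followed by an unknown one.
        if len(sfx) >= 2 and sfx[-2] in KNOWN and sfx[-1] not in KNOWN:
            suspects[str(p.parent)].append(p)
    report = {}
    for d in sorted(set(suspects) | notes):
        files = suspects.get(d, [])
        exts = {f.suffix.lower() for f in files}
        ratio = len(exts) / len(files) if files else 0.0
        # Random per-file extensions: almost every renamed file has its own suffix.
        random_ext = len(files) >= min_files and ratio >= min_unique_ratio
        report[d] = {
            "note": d in notes,
            "renamed": len(files),
            "unique_ext_ratio": round(ratio, 2),
            "random_per_file": random_ext,
            "flag": d in notes or random_ext,
        }
    return report

# Constructed sample listing: one affected folder, one folder of ordinary .bak copies.
SAMPLE = [
    "/home/ana/docs/budget.xlsx.q7rk", "/home/ana/docs/thesis.docx.zp0a",
    "/home/ana/docs/scan.pdf.m3vx", "/home/ana/docs/leeme.txt",
    "/home/ana/backup/db.sql.bak", "/home/ana/backup/site.zip.bak",
    "/home/ana/backup/old.sql.bak", "/home/ana/music/song.mp3",
]

if __name__ == "__main__":
    for directory, result in triage(SAMPLE).items():
        print(directory, result)
```

The backup folder appears in the report but is not flagged: its three renamed files share one suffix, which is the pattern of ordinary backups or single-extension families rather than the per-file randomness described for Leeme.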