The Legend Ransomware is one of the latest crypto locker threats based on the prolific VoidCrypt malware family to be detected in the wild. Although the threat doesn't exhibit any significant improvements or modifications compared to the typical VoidCrypt Ransomware, it is still potent enough to cause severe damage to any computer system it managed to infect.
Users suffering an attack by the Legend Ransomware will find themselves unable to open or access their files stored on the compromised device. Indeed, by using a powerful cryptographic algorithm, the threat will encrypt nearly all files it manages to reach. The only ones that will be left unharmed are critical system files that could disrupt the OS's normal work state and cause system crashes and failures. Every enciphered file will have its name changed to fit a complex pattern used by all VoidCrypt variants. First, an email under the control of the hackers will be appended, followed by a unique ID assigned to the victim and finally '.legend' as a new file extension. The email used by the Legend Ransomware is 'email@example.com.' A ransom note containing instructions for the victims will be dropped in the form of a file named '!INFO.HTA.'
The Legend Ransomware's note doesn't specify the exact sum that the hackers want to receive in exchange for sending the decryption code and software tool. However, they do clarify that the amount of the ransom will be doubled after 48 hours and that the transaction must be made using Bitcoin. Two email addresses are provided as communication channels - the one found in the names of the encrypted files and a reserve address at 'firstname.lastname@example.org.' Affected users are allowed to attach a couple of small files to the email message to be decrypted for free.
The full text of the ransom note is:
'!!! Your Files Has Been Encrypted !!!
♦ your files has been locked with highest secure cryptography algorithm ♦
♦ there is no way to decrypt your files without paying and buying Decryption tool♦
♦ but after 48 hour decryption price will be double♦
♦ you can send some little files for decryption test♦
♦ test file should not contain valuable data♦
♦ after payment you will get decryption tool ( payment Should be with Bitcoin)♦
♦ so if you want your files dont be shy feel free to contact us and do an agreement on price♦
♦ !!! or Delete you files if you dont need them !!!
Your ID :-
our Email :email@example.com
In Case Of No Answer :firstname.lastname@example.org.'