Leto Ransomware
An increasing amount of ransomware threats has been plaguing the Internet. One of the most popular ransomware families in 2019 has been the STOP ransomware family certainly. Malware researchers have determined that there have been more than 150 variants of this data-locking Trojan released so far. One of the most recently detected file-encrypting Trojans is the Leto Ransomware.
Propagation and Encryption
After spotting and studying this ransomware threat, experts concluded that this is STOP Ransomware variant. Mass spam email campaigns, fake updates, and bogus pirated copies of legitimate applications may be among the infection vectors involved in the distribution of the Leto Ransomware. As with most file-locking Trojans, the Leto Ransomware will make sure to scan all your files as soon as it manages to invade your system. Once this ransomware threat has located all the files of interest, it will begin locking them. Every file, which has undergone the Leto Ransomware encryption process, will receive a new extension at the end of their name ‘.leto.’ This means if you had named a file ‘twenty-seven.mp3’ originally, the Leto Ransomware will rename it to ‘twenty-seven.mp3.leto’ after this file-encrypting Trojan locks it.
The Ransom Note
Like most ransomware threats, the Leto Ransomware will leave a ransom note on the desktop of its victim. The note’s name is ‘_readme.txt,’ and it states:
’ATTENTION!
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-sTWdbjk1AY
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
gorentos@bitmessage.ch
Reserve e-mail address to contact us:
gerentoshelp@firemail.cc
Your personal ID:’
In the note, the attackers claim that all users who manage to contact them within 72 hours of the attack will pay $490. However, the ones who fail to do so will have to pay double the price - $980. As a way to prove to the victim that they have a working decryption key, the authors of the Leto Ransomware offer to unlock one file free of charge. There are two email addresses given as a means of connecting with the attackers - ‘gorentos@bitmessage.ch’ and ‘gerentoshelp@firemail.cc.’
It is best to keep a distance when it comes to dealing with cyber crooks. Nothing good would come out of attempting to negotiate with such individuals. A much secure option is to download and install a reputable anti-virus software tool that will remove the Leto Ransomware from your system safely and keep it secure in the future.
