Cybercriminals are using a potent new ransomware threat to target the data of their victims. The threat is tracked as LIKEAHORSE Ransomware and is capable of locking a wide range of file types via a strong encryption algorithm. As in most attack operations of this type, the goal of the hackers is to extort money from affected users who wish to restore access to their personal or work-related data.
As a way to mark the files it encrypts, the LIKEAHORSE Ransomware appends a new file extension to their original names. Not surprisingly, that new extension is '.LIKEAHORSE'. Once all suitable files have been locked, the threat creates a new file on the compromised system that carries its ransom note. The name of that file is '#RECOVERY#.txt'.
According to the ransom note, victims of the LIKEAHORSE Ransomware have just 48 hours to establish contact with the attackers. After that period, the cybercriminals threaten to either sell important information obtained from the compromised systems or release it to the public for free. To prove their ability to restore the files, the hackers state that they are willing to decrypt up to 3 test files that do not exceed 1MB in size. The only communication channels mentioned in the note are an ICQ account and a Skype account.
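For scoping an incident, the two indicators described above (the appended '.LIKEAHORSE' extension and the '#RECOVERY#.txt' note) can be swept for with a read-only script. The following is an added example, not part of the original article; the case-insensitive name matching and the use of file modification time as an approximate encryption time are assumptions.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".likeahorse"    # appended extension named on this page
RANSOM_NOTE = "#recovery#.txt"   # ransom note file name named on this page
# Assumption: names are compared case-insensitively, as Windows file systems do.

def triage(root):
    """Read-only walk of `root` that summarises LIKEAHORSE indicators."""
    encrypted, notes = [], []
    original_types = Counter()   # extensions the files had before encryption
    hit_dirs = Counter()         # encrypted-file count per directory
    earliest = None              # oldest mtime seen on an encrypted file
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered == RANSOM_NOTE:
                notes.append(path)
            elif lowered.endswith(ENCRYPTED_EXT) and lowered != ENCRYPTED_EXT:
                encrypted.append(path)
                hit_dirs[dirpath] += 1
                # The marker is appended, so stripping it gives the original name.
                original = name[:-len(ENCRYPTED_EXT)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                original_types[ext] += 1
                try:
                    mtime = os.lstat(path).st_mtime
                except OSError:
                    continue     # file vanished or is unreadable; keep scanning
                earliest = mtime if earliest is None else min(earliest, mtime)
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "original_types": dict(original_types),
        "hit_dirs": dict(hit_dirs),
        # Assumption: mtime approximates when the file was encrypted.
        "first_seen_utc": (datetime.fromtimestamp(earliest, timezone.utc).isoformat()
                           if earliest is not None else None),
    }

if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(report['encrypted'])} encrypted file(s), "
          f"{len(report['notes'])} ransom note(s), "
          f"first seen {report['first_seen_utc']}")
    for ext, count in sorted(report["original_types"].items()):
        print(f"  {ext}: {count}")
```

Run it against a mounted copy or forensic image of the affected volume rather than the live system, so that file timestamps are preserved for later analysis.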
The full text of LIKEAHORSE's ransom note is:
'Hello my dear friend
Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
If you want to restore them, install ICQ software on your PC hxxps://icq.com/windows/ or on your mobile phone search in Appstore / Google market ICQ
Write to our ICQ @likeahorse
Skype LIKEAHORSE DECRYPTION
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
We are always ready to cooperate and find the best way to solve your problem.
The faster you write, the more favorable the conditions will be for you.
Our company values its reputation. We give all guarantees of your files decryption
IF WE DONT SEE MESSAGES FROM YOU IN 48 HOURS - WE WILL SELL YOUR DATABASES AND IMPORTANT INFORMATION TO YOUR COMPETITORS,AFTER YOU WILL SEE IT AT OPEN SOURCE AND DARKNET
Start messaging with an incident ID and 2-3 test files up to 1mb
your unique ID.'