Ransomware operators have a new tool at their disposal. Named the Lilith Ransomware, the threat can affect a large number of file types and leave them completely unusable. Typically, the encryption algorithms used by ransomware threats cannot be bypassed without having the proper decryption keys. The cybercriminals use this as leverage to extort money from their victims.
The name of the threat is based on the file extension it appends to the locked files: '.lillith'. Affected users will also notice that a new text file has appeared on the breached devices. The file, named 'Restore_Your_Files.txt', contains a ransom note with instructions from the attackers. Usually, the Lilith Ransomware will drop its ransom-demanding message on the desktop of the system.
According to the note, victims will need to establish communication with the hackers to learn how much they will have to pay as a ransom. After receiving the money, the attackers will supposedly send back dedicated decryption software. Of course, trusting the words of cybercriminals is strongly discouraged. According to the ransom note, the only way to reach the threat actors is via the Tox chat client.
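The two artifacts described above (the appended '.lillith' extension and the 'Restore_Your_Files.txt' note) are enough to scope which folders on a host were hit. The following triage script is an added example, not part of the original write-up; the function names and the sample folder layout are constructed for illustration, and it assumes the extension is appended to the full original file name.

```python
import os
import tempfile
from collections import Counter

# Indicators as given in the description above.
LOCKED_EXT = ".lillith"
NOTE_NAME = "Restore_Your_Files.txt"

def triage(root):
    """Walk root and summarise where the two indicators appear."""
    locked, notes, per_dir = [], [], Counter()
    first = last = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(LOCKED_EXT):
                locked.append(full)
                per_dir[os.path.relpath(dirpath, root)] += 1
                # Assumption: rewriting the file updated its mtime, so the
                # min/max pair approximates the encryption time window.
                mtime = os.path.getmtime(full)
                first = mtime if first is None else min(first, mtime)
                last = mtime if last is None else max(last, mtime)
            elif name.lower() == NOTE_NAME.lower():
                notes.append(full)
    return {"locked": sorted(locked), "notes": sorted(notes),
            "dirs": dict(per_dir), "window": (first, last)}

def original_name(path):
    """File name before the extension was appended (for backup matching)."""
    base = os.path.basename(path)
    return base[:-len(LOCKED_EXT)] if base.lower().endswith(LOCKED_EXT) else base

def build_sample(root):
    """Constructed sample tree of empty placeholder files."""
    layout = {
        "Desktop": [NOTE_NAME, "budget.xlsx" + LOCKED_EXT],
        "Documents": ["report.docx" + LOCKED_EXT, "notes.txt" + LOCKED_EXT],
        "Clean": ["readme.md"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for n in names:
            open(os.path.join(root, folder, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        print(result["dirs"], len(result["notes"]), "note(s)")
```

Pointing `triage()` at a mounted image or a user profile gives the per-folder count of locked files and the list of original names to match against backups.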
The full text of Lilith Ransomware's message is:
'All your important files have been encrypted and stolen!
Contact us for price and get decryption software.
You have 3 days to contact us for negotiation.
If you don't contact within three days, we'll start leaking data.
1) Contact our tox.
Tox download address: hxxps://tox.chat/
Our poison ID:]
- Note that this server is available via Tor browser only
Follow the instructions to open the link:
- Type the addres "hxxps://www.torproject.org" in your Internet browser. It opens the Tor site.
- Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.
- Now you have Tor browser. In the Tor Browser open :