Cybercriminals are using a new malware variant, to lock the data of their victims. The threat that is based on the VoidCrypt family, is being tracked by infosec researchers as the Linda Ransomware, and its invasive capabilities allow it to render users' documents, databases, archived, and more, completely inaccessible. Upon encrypting a file, the malware also will cause significant changes to that file's original name. Most notably, users will notice that an ID string, an email address, and a new file extension have been appended to the file names. The ID string is generated specifically for each breached device, the email address used by the operators of the threat is 'email@example.com,' and the added file extension is '.linda.'
When all targeted file types on the infected systems have been processed by the threat, the Linda Ransomware will proceed to deliver a ransom note. The note will be dropped as a file named '!INFO.HTA.' Typically, these ransom-demanding messages tell users the way that they can send the ransom to the attackers. This could include transferring the money to a specific crypto-wallet address and using a certain cryptocurrency chosen by the threat actors. Victims of ransomware threats also should remember that communicating with cybercriminals exposes them to additional security and privacy risks.