Ljubi Ransomware
The Ljubi Ransomware was uncovered by the cybersecurity researchers Petrovic. It belongs to the Babuk Ransomware family and acts as typical ransomware: after infiltrating the targeted computer, it initiates an encryption process to lock the data stored there. Victims no longer have access to their documents, PDFs, databases, archives, images, photos, etc.
Whenever the threat encrypts a file, it marks it by appending a new file extension to the original name. In this case, affected users will notice that their files now carry the '.ljubi' extension. They will also discover that the malware has created a new text file on the system. Named 'How To Restore Your Files.txt,' it contains a ransom note with instructions from the attackers.
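An added example, not part of the original write-up: a triage pass that walks a directory tree and reports, per directory, the files carrying the '.ljubi' extension (with the original name recovered by stripping it) and whether the 'How To Restore Your Files.txt' note is present. The function names, the case-insensitive matching and the sample tree built in `demo()` are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the description above.
ENCRYPTED_EXT = ".ljubi"
NOTE_NAME = "How To Restore Your Files.txt"


def triage(root):
    """Walk `root` and summarise Ljubi artefacts per directory.

    Returns {directory: {"encrypted": [(file, original_name), ...], "note": bool}}
    containing only directories where at least one indicator was found.
    """
    findings = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lower = name.lower()  # assumption: match regardless of case
            if lower == NOTE_NAME.lower():
                findings[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # The extension is appended, so stripping it gives the original name.
                original = name[: -len(ENCRYPTED_EXT)]
                findings[dirpath]["encrypted"].append((name, original))
    return dict(findings)


def demo():
    """Build a constructed sample tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as root:
        share = os.path.join(root, "share")
        clean = os.path.join(root, "clean")
        os.makedirs(share)
        os.makedirs(clean)
        for path in (os.path.join(share, "report.pdf.ljubi"),
                     os.path.join(share, "db.sqlite.LJUBI"),
                     os.path.join(share, NOTE_NAME),
                     os.path.join(clean, "notes.txt")):
            open(path, "w").close()  # empty placeholder files
        result = triage(root)
        return {os.path.relpath(d, root): v for d, v in result.items()}


if __name__ == "__main__":
    for directory, info in demo().items():
        print(directory, len(info["encrypted"]), "encrypted, note:", info["note"])
```

Directories that report a note but no encrypted files, or the reverse, are worth a closer look during scoping, since they can indicate an interrupted run or partial cleanup.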
Ransom Note Details
Reading Ljubi Ransomware's ransom-demanding message reveals that the attackers have supposedly also been able to exfiltrate important private documents and data. The note also establishes that the main communication channel with the hackers is a dedicated website portal hosted on the TOR network. However, if victims are unable to access the page, they can try to establish contact by messaging the hackers' email address at 'ljubisupporte@protonmail.com.'
The full text of the note is:
'LJUBI RANSOMWARE
YOUR FILES HAVE BEEN ENCRYPTED AND COMPANY DOCUMENTS COLLECTED.
TO GET YOUR FILES BACK DOWNLOAD TOR BROWSER AND GO TO hxxp://isqtoimht5llucldrw7flyak2n5zdu4dmd7kdfs6tuasrxq7qydqs2qd.onion
YOUR UNIQUE USERNAME:
PASSWORD:
YOU WILL GET IN TOUCH WITH OUR TEAM.
IF THE LIVE CHAT WEBSITE GIVEN IS DOWN SEND EMAIL TO: ljubisupporte@protonmail.com
IF WE GET NO REPLY ALL YOUR DATA WILL BE PUBLISHED.'