
LOWPRICE Ransomware

Devices infected by the LOWPRICE Ransomware are subjected to an encryption routine that renders nearly all stored files unusable and inaccessible. The LOWPRICE Ransomware is classified as a variant of the PHOBOS malware family. After locking the files, the threat tries to extort its victims for money by promising to restore the data afterward. As part of its programming, the threat drastically changes the original names of the locked files. The pattern it uses is 'Original File Name.id[Unique Victim ID].[ICQ Account].LOWPRICE.' The use of the ICQ messaging application is an uncommon choice, rarely seen in ransomware operations.

LOWPRICE Ransomware's Demands

When the threat completes its encryption process, it drops instructions for its victims. It does so by creating two files, 'info.txt' and 'info.hta,' on the Desktop of the compromised device. Both deliver the same ransom note. While the message doesn't state the exact sum of the ransom, it does mention that the price depends on how fast the affected users initiate contact. Furthermore, if the hackers do not receive a message from their victims within 72 hours, they threaten to sell important data collected from the breached systems to either a competitor of the victim or interested cybercriminals.

To reach the hackers, LOWPRICE Ransomware's victims can use the provided email address - virtualhorse1@protonmail.com, or the SAFEPLACE ICQ account also found in the names of the encrypted files. Generally, it is not recommended to contact the operators of malware threats, as users would be exposing themselves to additional security risks.
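For incident triage, the rename pattern and ransom note names described above can be applied to a file listing to recover original file names and group affected files by victim ID. The Python below is an added example, not part of the original write-up or any vendor tool; it assumes the square brackets in the pattern are literal characters, and the sample paths and victim ID are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Pattern from the article: 'Original File Name.id[Unique Victim ID].[ICQ Account].LOWPRICE'
# Assumption: the square brackets are literal characters in the renamed file.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[^\[\]]+)\]"
    r"\.\[(?P<contact>[^\[\]]+)\]\.LOWPRICE$",
    re.IGNORECASE,
)
NOTE_NAMES = {"info.txt", "info.hta"}  # ransom note names given in the article

# Constructed sample listing (paths and victim ID are made up for illustration).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id[EXAMPLE-0001].[SAFEPLACE].LOWPRICE",
    r"C:\Users\alice\Pictures\scan.final.pdf.id[EXAMPLE-0001].[SAFEPLACE].LOWPRICE",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Desktop\info.txt",
    r"C:\Users\alice\Documents\info.txt",           # same name, but not on the Desktop
    r"C:\Users\alice\Documents\notes.LOWPRICE.txt",  # does not follow the pattern
]


def parse_renamed(name):
    """Return (original, victim_id, contact) for a renamed file, else None."""
    m = RENAMED.match(name)
    return (m["original"], m["victim_id"], m["contact"]) if m else None


def triage(paths):
    """Group renamed files by victim ID and list Desktop ransom note candidates."""
    report = {"encrypted": defaultdict(list), "contacts": set(), "notes": []}
    for raw in paths:
        p = PureWindowsPath(raw)
        parsed = parse_renamed(p.name)
        if parsed:
            original, victim_id, contact = parsed
            report["encrypted"][victim_id].append(str(p.parent / original))
            report["contacts"].add(contact)
        # info.txt is a common name: only Desktop copies are listed, and they
        # are meaningful only when renamed files are found as well.
        elif p.name.lower() in NOTE_NAMES and p.parent.name.lower() == "desktop":
            report["notes"].append(str(p))
    return report


if __name__ == "__main__":
    r = triage(SAMPLE)
    for vid, files in r["encrypted"].items():
        print(vid, sorted(r["contacts"]), len(files), "files")
    print("note candidates:", r["notes"])
```
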

The full text of the ransom-demanding message is:

'Hello,sir!Dont worry,your files are safe but you cant use it before our cooperating

Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
We can give you all decryption guarantees and important information to improve your IT skills
Price of decryption depends on how fast you will write us
If you want to restore your files write to our mail - virtualhorse1@protonmail.com
If we dont reply during 3 hours contact us via ICQ which works 24/7
Install ICQ software on your PC here xxps://icq.com/windows/ or on mobile phone from Appstore / Google Play Market search for "ICQ"
Write to our ICQ @SAFEPLACE hxxps://icq.im/SAFEPLACE/
Write your ID in the title of your message -

Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software - it may cause permanent data loss.
We are always ready to cooperate and find the best way to solve your problem.
The faster you write - the more favorable conditions will be for you.
Our company values its reputation. We give all guarantees of your files decryption.
IF WE DONT SEE MESSAGES FROM YOU IN 72 HOURS - WE WILL SELL YOUR DATABASES AND IMPORTANT INFORMATION TO YOUR COMPETITORS AND OTHER HACKERS IN DARKNET.
'
