The lUUUUUUUUU Ransomware falls into the category of malware threats designed specifically to lock the data of their victims. Once the targeted devices have been infected successfully, the deployed ransomware threat will scan the data on them and encrypt a wide range of files. Victims are likely to lose their access to any documents, PDFs, images, photos, databases, archives and more. In this case, all encrypted files will be marked by having '.lUUUUUUUUU' attached to their names as a new extension. Furthermore, infosec experts have confirmed that the lUUUUUUUUU Ransomware is part of the Xorist Ransomware family.
After completing the encryption process on the breached device, the threat will drop two identical ransom notes with instructions from its operators. The demands of the threat actors will be displayed as a pop-up window and as a text file named 'HOW TO DECRYPT FILES.txt.' The lUUUUUUUUU Ransomware's ransom notes state that victims must pay a ransom in Bitcoins. The exact amount of the ransom will supposedly depend on the time it takes the affected users to contact the attackers. The only way to do so is to message the 'lUUUUUUUUUUbasq@mail.ru' email address.
The full text of the two ransom notes is:
'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail lUUUUUUUUUUbasq@mail.ru
Write this ID in the title of your message
In case of no answer in 2 day
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.'