Newlocker Ransomware

Newlocker Ransomware's primary function is to encrypt files stored on an infected system. During the encryption process, Newlocker also renames the affected files by appending the '.newlocker' extension to their names. For example, a file originally named '1.pdf' is renamed to '1.pdf.newlocker'. The appended extension marks which files have been encrypted by the malware. In addition to encrypting files, Newlocker creates a file named 'HOW_TO_RECOVER_DATA.html,' which contains a ransom note for the victims.

The Newlocker Ransomware Locks a Wide Range of File Types

The ransom note left by the attackers includes a personal ID assigned to the victim and a warning that the network has been breached and all crucial files have been encrypted using RSA and AES encryption algorithms. The note specifically cautions against trying to restore the encrypted files with third-party software as this could permanently destroy them.

The attackers claim that no decryption software available on the Internet can assist with recovering the encrypted files. Furthermore, the attackers claim to have obtained highly confidential and personal data that will be released to the public or sold if the ransom is not paid.

As proof of their ability to restore the encrypted files, the attackers offer to decrypt two to three non-essential files for free. The ransom note includes two contact email addresses, 'microhdd@tuta.io' and 'microhdd@firemail.cc', for making the payment and acquiring the decryption software. It also warns that the decryption key is only stored temporarily.

The attackers urge the victim to contact them as soon as possible, as the price for decrypting the files will increase if contact is not made within 72 hours.

Users Should Establish Sufficient Protection against Ransomware Threats

Ransomware is a damaging form of malware that can harm users' devices and data significantly. To protect against ransomware attacks, users can take several measures.

First, users should keep all of their anti-malware and security software up to date, as this can help to detect and prevent the installation of ransomware on their devices.

Users should also be cautious when opening emails or clicking on links from unknown or untrusted sources, and should avoid downloading files from unverified websites or using peer-to-peer file-sharing networks.

Creating regular backups of their important data is one of the best measures to mitigate the potential damage caused by ransomware threats. The backups should be stored on an external storage device or cloud service so that they can be safely used to restore the impacted files in the event of an attack.

It is crucial for users to have strong and unique passwords for their accounts and devices and to enable two-factor authentication wherever possible. This helps prevent unauthorized access to their systems and data.

The ransom note left by the Newlocker Ransomware is:

'YOUR PERSONAL ID:

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
ALL YOUR IMPORTANT FILES HAVE BEEN ENCRYPTED!

YOUR FILES ARE SAFE! JUST MODIFIED ONLY. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMENANTLY DESTROY YOUR FILE.
DO NOT MODIFY ENCRYPTED FILES. DO NOT RENAME ENCRYPTED FILES.

NO SOFTWARE AVAILABLE ON INTERNET CAN HELP YOU. WE ONLY HAVE
SOLUTION TO YOUR PROBLEM.

WE GATHERED HIGHLY CONFIDENTIAL/PERSORNAL DATA. THESE DATA
ARE CURRENTLY STORED ON A PRIVATE SERVER. THIS SERVER WILL BE
IMMEDIATELY DESTROYED AFTER YOUR PAYMENT. WE ONLY SEEK MONEY
AND DO NOT WANT TO DAMAGE YOUR REPUTATION. IF YOU DECIDE TO
NOT PAY, WE WILL RELEASE THIS DATA TO PUBLIC OR RE-SELLER.

YOU WILL CAN SEND US 2-3 NON-IMPORTANT FILES AND WE WILL
DECRYPT IT FOR FREE TO PROVE WE ARE ABLE TO GIVE YOUR FILES
BACK.

CONTACT US FOR PRICE (BITCOIN) AND GET DECRYPTION SOFTWARE.

microhdd@tuta.io
microhdd@firemail.cc
MAKE CONTACT AS SOON AS POSSIBLE. YOUR DECRYPTION KEY IS ONLY STORED
TEMPORARLY. IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.'
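
The file-system indicators described on this page (the '.newlocker' suffix, the 'HOW_TO_RECOVER_DATA.html' note and the contact strings in the note text) can be checked for when scoping an incident. The following Python script is an added example, not part of the original write-up or any vendor tool; the function names `triage` and `demo` and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators from the page: extension, note file name, strings in the note.
ENCRYPTED_EXT = ".newlocker"
NOTE_NAME = "HOW_TO_RECOVER_DATA.html"
NOTE_MARKERS = ("microhdd@tuta.io", "microhdd@firemail.cc", "(RSA+AES)")


def triage(root):
    """Walk root and summarise Newlocker file-system indicators per directory."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        hit = {"encrypted": [], "note": False, "note_markers": []}
        for name in sorted(files):
            if name.lower().endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                hit["encrypted"].append(name[: -len(ENCRYPTED_EXT)])
            elif name.lower() == NOTE_NAME.lower():
                hit["note"] = True
                with open(os.path.join(dirpath, name), encoding="utf-8",
                          errors="replace") as fh:
                    text = fh.read(65536)  # notes are small; cap the read
                # No markers: the name matched but the content did not.
                hit["note_markers"] = [m for m in NOTE_MARKERS if m in text]
        if hit["encrypted"] or hit["note"]:
            report[os.path.relpath(dirpath, root)] = hit
    return report


def demo():
    """Run triage over a constructed sample tree (not real incident data)."""
    sample = {
        "finance/1.pdf.newlocker": "x",
        "finance/q3.xlsx.newlocker": "x",
        "finance/" + NOTE_NAME: "contact microhdd@tuta.io (RSA+AES)",
        "misc/" + NOTE_NAME: "<html>unrelated help page</html>",
        "public/readme.txt": "clean",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return triage(root)


if __name__ == "__main__":
    print(demo())
```

A directory where `note` is true but `note_markers` is empty matched on file name only and should be reviewed by hand before it is counted as affected.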
