A new ransomware variant is tracked as the RaZiO Ransomware. Infosec researchers have identified the RaZiO Ransomware as a member of the Xorist Ransomware family. Although the threat doesn't exhibit any significant improvements, its destructive capacity should not be underestimated. Any files encrypted by the threat will no longer be accessible, and decryption without assistance from the attackers could be considered virtually impossible.
During its encryption process, the threat appends '.RaZiO' to the name of each affected file as a new file extension. The threat also ensures that its victims will see the ransom message from the attackers by delivering it in three different forms: as a new desktop wallpaper, in a pop-up window, and inside a text file named 'HOW TO DECRYPT FILES.txt'.
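The two file-system artifacts described above (the appended '.RaZiO' extension and the 'HOW TO DECRYPT FILES.txt' note) are enough to scope an incident on a disk or share. The following triage script is an added example, not part of the original write-up; the function names `scan` and `original_name` are hypothetical, and the case-insensitive matching and the use of modification times as a rough timeline are assumptions.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

# Indicators taken from the description above. Matching is case-insensitive
# (an assumption, chosen because Windows file names are case-insensitive).
ENCRYPTED_SUFFIX = ".razio"
NOTE_NAME = "how to decrypt files.txt"


def original_name(path):
    """Return the pre-encryption name by dropping the appended extension."""
    return path[: -len(ENCRYPTED_SUFFIX)]


def scan(root):
    """Walk root and summarise renamed files and dropped ransom notes."""
    per_dir, notes, earliest = Counter(), [], None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            full = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(full)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(lower) > len(ENCRYPTED_SUFFIX):
                per_dir[dirpath] += 1
                try:
                    mtime = os.lstat(full).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable; still counted
                earliest = mtime if earliest is None else min(earliest, mtime)
    return {
        "encrypted_total": sum(per_dir.values()),
        "encrypted_by_dir": dict(per_dir),
        "ransom_notes": sorted(notes),
        # Oldest mtime is only a rough lower bound on when encryption began.
        "earliest_mtime_utc": (
            datetime.fromtimestamp(earliest, timezone.utc).isoformat()
            if earliest is not None else None
        ),
    }


if __name__ == "__main__":
    report = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for key, value in report.items():
        print(f"{key}: {value}")
```

Pass the directory to inspect as the first argument; `original_name` gives the file name to look for when matching affected files against backups.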
Ransom Note's Details
The text in all three places is identical. It informs affected users that to restore their files they will have to pay a ransom using the Bitcoin cryptocurrency. The amount demanded is 0.02 BTC, which at the current exchange rate is over $900. The funds are expected to be transferred to the crypto-wallet address found in RaZiO's ransom note. Afterward, victims are instructed to establish contact with the attackers by sending a message to the 'email@example.com' email address.
The full text of the note is:
'Hi, as you can see, all your files are encrypted.
Don't panic, you can decrypt them, you just have to pay me for the ransom.
Payment is made only by bitcoin, and the amount you have to pay is 0.02 BITCOIN
You can buy very easily from these sites:
A list of several sites where you can buy bitcoin can be found here:
Make sure the address where you will send the bitcoin is:
After sending, contact us at this email address: firstname.lastname@example.org
With this subject:
After confirming the payment, you will receive a tutorial and the keys for decrypting the files.'