
ReadSRead Ransomware

The ReadSRead Ransomware is another malware variant from the notorious MedusaLocker Ransomware family. Cybercriminals use ransomware threats to lock the data of their victims. Once executed, the malware targets numerous file types (documents, PDFs, archives, databases, photos, etc.), encrypts their data and leaves them in an unusable state.

The attackers then extort the affected users or companies for money in exchange for a promise to send the necessary decryption keys or a software tool that could restore the files. All files impacted by the ReadSRead Ransomware will have '.ReadSRead' appended to their names as a new extension. The threat will also deliver a ransom note to the infected systems in a file named 'HOW_TO_RECOVER_DATA.html'.

Reading the threat's message reveals that the ransomware uses a combination of the RSA and AES algorithms to encrypt its victims' data. The cybercriminals also state that they have managed to obtain various confidential data from the breached devices and are ready to release the files to the public or sell them to interested third parties.

Victims who wish to keep their data private and restore the already encrypted files will need to pay an undisclosed amount to the hackers. The note warns that after 72 hours, the demanded ransom will be doubled. As potential communication channels, users can visit the dedicated TOR website of the cybercriminals or send a message to the two email addresses mentioned in the note: 'ithelp04@decorous.cyou' and 'ithelp04@wholeness.business'.

The full text of ReadSRead Ransomware's message is:

'YOUR PERSONAL ID:

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

.onion

Note that this server is available via Tor browser only

Follow the instructions to open the link:

Type the addres "hxxps://www.torproject.org" in your Internet browser. It opens the Tor site.

Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.

Now you have Tor browser. In the Tor Browser open .onion

Start a chat and follow the further instructions.
If you can not use the above link, use the email:
ithelp04@decorous.cyou
ithelp04@wholeness.business

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.'
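
For responders scoping an infection, the indicators described above (the '.ReadSRead' extension, the 'HOW_TO_RECOVER_DATA.html' note and the two contact addresses) can be turned into a read-only triage pass over a file tree. The following Python is an added example, not part of the original article or any vendor tool; the function name triage and the use of file modification time as an approximation of when encryption began are assumptions.

```python
import os
import re
from datetime import datetime, timezone

# Indicators taken from the article above (compared case-insensitively).
ENCRYPTED_EXT = ".readsread"
NOTE_NAME = "how_to_recover_data.html"
NOTE_CONTACTS = {"ithelp04@decorous.cyou", "ithelp04@wholeness.business"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def triage(root):
    """Walk root and summarise ReadSRead artifacts; nothing is modified."""
    report = {"encrypted": [], "notes": [], "confirmed_notes": [],
              "first_encrypted_utc": None}
    earliest = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable metadata; file is still counted
                if earliest is None or mtime < earliest:
                    earliest = mtime
            elif lower == NOTE_NAME:
                report["notes"].append(path)
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        text = fh.read(1_000_000)  # cap how much is read
                except OSError:
                    continue
                # A note counts as this variant's only if it carries one of
                # the contact addresses quoted in the article.
                found = {m.lower() for m in EMAIL_RE.findall(text)}
                if found & NOTE_CONTACTS:
                    report["confirmed_notes"].append(path)
    if earliest is not None:
        # Assumption: mtime approximates the time the file was encrypted.
        report["first_encrypted_utc"] = datetime.fromtimestamp(
            earliest, tz=timezone.utc).isoformat()
    return report


if __name__ == "__main__":
    import sys
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it against a mounted forensic image or a read-only share rather than the live host, so that the scan itself does not alter timestamps that the timeline depends on.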
