ReadText Ransomware

Researchers have identified a new ransomware threat known as ReadText. Much like typical ransomware, ReadText functions by encrypting the files on devices that it successfully infiltrates. To distinguish these encrypted files, the ransomware appends them with a '.readtext4' extension, although the specific number may vary depending on the particular variant of the ransomware. For example, a file originally named '1.jpg' would be transformed into '1.jpg.readtext4,' while '2.doc' would become '2.doc.readtext4,' and so on.

Following the encryption process, ReadText deposits a ransom-demanding message titled 'How_to_back_files.html.' This message serves as an ominous indicator of the ransomware's intent, suggesting that ReadText primarily targets organizations and employs a double-extortion strategy. In this strategy, the attackers not only encrypt the victim's data but also threaten to release sensitive information unless a ransom is paid.

Additionally, it has been determined that ReadText belongs to the MedusaLocker Ransomware family, further underscoring its unsafe nature and the need for heightened vigilance and cybersecurity measures to protect against such threats.

Victims of the ReadText Ransomware Lose Access to Critical Data

The ransom note associated with the ReadText Ransomware reveals the extent of the attack on the victim's network. According to the message, this threatening software has infiltrated the network and inflicted considerable damage. It has accomplished this by encrypting crucial files, rendering them inaccessible, and, perhaps even more alarmingly, by collecting confidential and personal data.

The note goes on to issue several critical warnings to the victims. Firstly, it advises against any attempt to rename or modify the encrypted files. This could result in rendering the data permanently undecryptable. Similarly, the victim is strongly cautioned against seeking to recover their files using third-party decryption tools, as these may prove ineffective and worsen the situation.

The most pressing demand made in the message is that the victim must pay a ransom to regain access to their encrypted data. Failure to comply with this demand carries dire consequences. The attackers threaten to either leak or sell the collected data if the ransom demand is not fulfilled. To add further urgency, the ransom amount is stated to increase if contact is not made within 72 hours. To test the validity of the decryption process, the victim is given the option to send the attackers two to three encrypted files.

However, even if victims do choose to meet the ransom requests, there is no guarantee that they will get the promised decryption keys or tools. This uncertainty underscores the risks associated with paying the ransom, not only because data recovery is uncertain but also because it inadvertently supports criminal activities.

To prevent further encryptions and future attacks by the ReadText ransomware, it is imperative to remove the malware from the operating system. Nevertheless, it is essential to understand that removing the ransomware will not magically restore files that have already been compromised.

Important Security Measures to Better Protect Your Devices and Data

To ensure robust protection against the ever-growing threat of ransomware, users must adopt a holistic approach that embraces a wide range of security measures. This comprehensive strategy involves a combination of proactive actions and consistent practices aimed at minimizing the vulnerability to ransomware attacks. In essence, safeguarding your devices and data from ransomware threats necessitates a multi-faceted and ongoing effort:

• Strong Passwords: Produce unique, complex passwords for each account and device. Use a combination of special characters, upper and lower-case letters and numbers. Avoid easily guessable information like birthdays or names.
•  Two-Factor Authentication (2FA): Enable 2FA wherever possible, as it adds an extra layer of security. Typically, 2FA involves something you know (password) and something you have (e.g., a mobile app or hardware token).
•  Regular Software Updates: Keep your operating system, applications, and anti-malware software up to date. Updates usually include security patches to address vulnerabilities.
•  Anti-Malware Software: Install reputable anti-malware software to detect and remove unsafe programs. Ensure it's updated regularly for the latest threat definitions.
•  Data Backup: Regularly back up your important data to an external device or cloud storage. This ensures you can recover your data in case of ransomware or hardware failure.
•  Safe Browsing Habits: Be extremely cautious when handling links or downloading attachments, especially from unknown sources. Use a trusted Web browser with built-in security features.
•  Email Security: Beware of phishing emails and steer clear of clicking on suspicious links or sharing personal information via email. Verify the sender's identity if you receive unexpected requests.

By implementing these security measures, users can significantly enhance the protection of their devices and data against various cyber threats.

The text on the ransom note generated by the ReadText Ransomware reads:

The full text of the ransom note generated by the ReadText Ransomware is:

'YOUR PERSONAL ID:

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

email:
ithelp15@securitymy.name
ithelp15@yousheltered.com

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

Tor-chat to always be in touch:'