REAL Ransomware
The REAL Ransomware is a new, threatening malware that has been detected in the wild. Infosec researchers warn that the threat is capable of causing significant damage to the computers it manages to infiltrate. By utilizing a strong encryption algorithm, the REAL Ransomware locks a wide variety of file types. Victims will then be unable to access their PDFs, documents, archives, databases and more.
All affected files will have '.REAL' appended to their original names as a new extension. Afterward, the threat will deliver a ransom note to the compromised system. Victims will find this ransom-demanding message inside a text file named 'ReadIt.txt.'
Ransom Note's Details
According to the dropped message, the hackers behind the REAL Ransomware also have been able to collect sensitive information from the breached machines. The acquired data is then used as additional leverage to get the victims to pay the demanded ransom. Otherwise, the attackers threaten to release the information to the public.
To get more details, the affected users are instructed to contact the 'EmmaGaller@mailfence.com' email address. Two more emails are provided as backups - 'EmmaGaller@tutanota.com' and 'EmmaGaller@cock.lu.' Victims can attach a single non-important file to their message. The attackers then promise to unlock it for free.
The entire set of instructions delivered by REAL Ransomware is:
'Hello my friend
Your system was vulnerable
I'm here to teach you a lesson,The Security Lesson!!!!
All your files are encrypted and the important one stolen
You must pay an anount of Bitcoin in exchange for decrypting files and understanding the flaws in your system And prevent your files from becoming public
Don't worry about the amount, it's spent on the security of your system and it's fair.
To show our good intentions and trust, you can send us a small, worthless file to test the decryption.
This is your ID : 045AEBC7
And this is my email :EmmaGaller@mailfence.com
Send your ID to my email to speack about it
If I don't respond for 8 hours, send messages to these emails:EmmaGaller@tutanota.com
EmmaGaller@cock.lu
Don't forget if you try to decypt them yourself, never come back to us.
So the first thing you have to do is email us because no one can decrypt them.'
