
Run Ransomware

The Run Ransomware is a type of threatening software that locks its victims out of their files or systems, demanding a ransom payment for their decryption. These attacks are designed to extort money from victims, often causing significant disruption and financial loss.

The Run Ransomware is a ransomware variant created specifically to extort victims for money. Information security researchers identified it during their analysis of various harmful threats. The Run Ransomware works by encrypting a wide range of files and appending a specific extension to their filenames. It also generates a ransom note in a file named 'How_to_back_files.html'.

For instance, Run alters filenames by changing '1.doc' to '1.doc.run10' and '2.pdf' to '2.pdf.run10', with the number in the extension varying based on the specific version of the ransomware. Researchers have also identified that this threat is part of the MedusaLocker Ransomware family.
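The naming pattern and note filename described above can be used to scope an incident on a mounted volume or share. The following is an added example, not code from the original write-up; it assumes the appended suffix is always 'run' followed by decimal digits (the page shows only '.run10'), and the function names and sample tree are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators taken from the write-up above. The assumption that the suffix is
# always "run" followed by decimal digits is ours; the page only shows ".run10".
ENCRYPTED_SUFFIX = re.compile(r"^(?P<original>.+)\.run(?P<version>\d+)$", re.IGNORECASE)
RANSOM_NOTE_NAME = "how_to_back_files.html"


def triage_tree(root):
    """Walk root and report files matching the Run naming pattern and note drops."""
    report = {"encrypted": [], "notes": [], "versions": Counter(), "clean_dirs": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        hits_here = 0
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE_NAME:
                report["notes"].append(full)
                hits_here += 1
                continue
            match = ENCRYPTED_SUFFIX.match(name)
            if match:
                # Record the pre-encryption name so backups can be matched to it.
                report["encrypted"].append((full, match.group("original")))
                report["versions"][match.group("version")] += 1
                hits_here += 1
        if filenames and hits_here == 0:
            report["clean_dirs"].append(dirpath)
    return report


def build_constructed_sample(root):
    """Create a small constructed tree (empty files only) to exercise triage_tree."""
    layout = {
        "finance": ["1.doc.run10", "2.pdf.run10", "How_to_back_files.html"],
        "hr": ["roster.xlsx.run10", "How_to_back_files.html"],
        "tools": ["run.bat", "notes.run", "readme.txt"],  # must not be flagged
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_constructed_sample(sample_root)
        result = triage_tree(sample_root)
        print(len(result["encrypted"]), "renamed files;", len(result["notes"]), "notes")
        print("versions seen:", dict(result["versions"]))
```

Directories listed under `clean_dirs` contain files but no indicators, which helps decide which shares still need isolating and which backups map to which original filenames.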

The Run Ransomware Locks Files and Extorts Victims

The ransom note from the Run Ransomware warns victims that their data have been encrypted using robust RSA and AES encryption algorithms. It cautions against renaming or altering the encrypted files and warns that any attempt to use third-party software to restore the files could result in permanent data corruption. The note asserts that only the cybercriminals responsible for the Run ransomware have the means to decrypt the files.

To initiate communication, the ransom note provides two email addresses (ithelp01@securitymy.name and ithelp01@yousheltered.com) and a link to a Tor-based chat service. Victims are prompted to contact the threat actors within 72 hours to avoid facing an increased ransom demand for the decryption tools.

While it is true that victims typically cannot decrypt their files without the unique tools held by the attackers, paying the ransom is strongly discouraged. There is no guarantee that the cybercriminals will provide the necessary decryption tools even after payment is made. Instead, victims are advised to search for third-party decryption tools online as a potential solution to avoid both data loss and financial exploitation.

Additionally, it is crucial to take action and remove the ransomware from infected systems as soon as possible. This prevents further encryption of data and reduces the risk of the ransomware spreading to other computers on the same local network.

Don't Take Chances with the Security of Your Data and Devices

To better protect their devices and data from malware and ransomware threats, users should implement a comprehensive set of security measures. These measures include both preventive actions and responsive strategies to ensure robust protection against such threats:

  • Regular Backups: Frequently back up your important data to a standalone hard drive or secure cloud storage. Ensure that these backups are kept offline or on a separate network to prevent them from being encrypted in the event of an attack.
  • Anti-Malware Software: Install reputable anti-malware programs on all devices. Keep these programs updated and enable real-time scanning to uncover and block malware threats before they can cause harm.
  • System and Software Updates: Keep your applications and operating systems updated by applying the latest security patches. Enable automatic updates to ensure timely protection against newly discovered vulnerabilities.
  • Strong, Unique Passwords: Use strong, unique passwords for all accounts and devices. A password manager can help create and store these passwords securely. Enable two-factor authentication (2FA) wherever possible for added security.
  • Email and Web Browsing Caution: Be cautious with email attachments or links provided by unknown or untrusted sources. After all, scam emails are a common method for delivering ransomware.
  • Network Security: Secure your Wi-Fi network with a strong password and encryption (preferably WPA3). Avoid using public Wi-Fi for sensitive activities; if necessary, use a virtual private network (VPN) to protect your data.
  • Access Control and User Permissions: Limit user permissions on your devices. Avoid using accounts with administrative privileges for everyday activities. This minimizes the potential damage if a device is infected.
  • Disable Macros: Disable macros in office files by default, unless you are certain they are from a trusted source. Macros can be used to execute malicious code.

By incorporating these security measures, users can significantly lessen the risk of malware and ransomware infections, protect their data, and ensure a more secure computing environment.

The ransom note created by the Run Ransomware is:

'YOUR PERSONAL ID:
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

email:
ithelp01@securitymy.name
ithelp01@yousheltered.com

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

Tor-chat to always be in touch:

qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion'
