See_read_me Ransomware
The goal of all ransomware threats is to lock the compromised system files by encrypting them with a robust cryptographic algorithm that cannot be brute-forced and then extort money from the affected users in exchange for the potential restoration of the data. In the case of the See_read_me Ransomware, after each file is encrypted, the threat appends '.see_read_me' to its name as a new extension. Instructions from the hackers behind the See_read_me Ransomware are delivered to their victims as text files named 'Read_Me.txt,' which are dropped in every folder containing locked data.
The text files, however, contain only the first set of instructions. They simply tell the See_read_me Ransomware victims that their files were encrypted and that to get the decryption tool, they have to visit a website available only through the TOR network. Going to the website address provided by the criminals reveals that they demand the rather hefty amount of $4000 be sent as Bitcoin to the specified cryptocurrency wallet address. At the current exchange rate, that amount is equal to 0.35 Bitcoins (BTC). Furthermore, the payment must be made within a timeframe of 2 days, after which the hackers threaten to double the price to $8000. A timer counting down from 48 hours represents the remaining time.
Victims of the See_read_me Ransomware are offered the chance to send a single file that is less than 500KB in size to be decrypted for free.
Dealing with the aftermath of a ransomware attack is not easy. It is quite a shock to lose access to your private files, and the consequences could be even more dire if the affected files were business-related. Unfortunately, there are no guarantees that, even after paying the hackers, all of the encrypted files will be restored successfully. Instead, users are advised to look for a suitable backup that was created before the See_read_me Ransomware infiltrated their computer. Before restoring the encrypted files, however, the computer must be cleaned with a professional anti-malware solution.
The text found in the 'Read_Me.txt' files is:
'Attention!
All your files, documents, photos, databases and other important files are encrypted
The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files.
The server with your decryptor is in a closed network TOR. You can get there by the following ways:
-----------------------
1. Download Tor browser - hxxps://www.torproject.org/
2. Install Tor browser
3. Open Tor Browser
4. Open link in TOR browser: hxxp://alcx6zctcmhmn3kx.onion/?MDVWDPGI
5. Follow the instructions on this page
-----------------------
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
Alternate communication channel here: hxxp://helpqvrg3cc5mvb3.onion/'
The instructions on the main page of the TOR website are:
'To buy the decryptor you must pay:
0.354 Bitcoin ($4000)
You have 2 days for payment
time left :
After finishing offer, decryptor cost
will be 0.708 Bitcoin
After payment you can download the decryptor here:
DOWLOAD DECRYPTOR
Make a Bitcoin Payment
Payment amount: $4000
Send 0.354 BTC to the following address:
Simply scan QR Code with your mobile device or copy one in the input box
Awaiting 0.354 bitcoin payment
your wallet balance - 0 BTC '
The See_read_me Ransomware is a crypto locker variant based on the previously detected Adhubllka Ransomware.
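To scope the damage before restoring from backup, the two file-system traces described above (the '.see_read_me' extension and the 'Read_Me.txt' note) can be inventoried per folder. The following Python script is an added example, not part of the original write-up; the function names are hypothetical, and the note check assumes the note contains the phrase quoted above.

```python
import os
import sys
from collections import defaultdict

ENCRYPTED_EXT = ".see_read_me"  # extension this page says is appended
NOTE_NAME = "Read_Me.txt"       # note file name this page gives
# Assumption: this phrase, taken from the note text quoted on this page,
# separates the ransom note from an unrelated file with the same name.
NOTE_MARKER = "purchase an unique decryptor"


def is_ransom_note(path):
    """True if the file's first 4096 characters contain the quoted note phrase."""
    try:
        with open(path, "r", encoding="utf-8", errors="ignore") as fh:
            return NOTE_MARKER in fh.read(4096).lower()
    except OSError:
        return False


def scan_tree(root):
    """Map each affected directory to its encrypted files and note status."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith(ENCRYPTED_EXT):
                report[dirpath]["encrypted"].append(name)
            elif name.lower() == NOTE_NAME.lower():
                if is_ransom_note(os.path.join(dirpath, name)):
                    report[dirpath]["note"] = True
    return dict(report)


def restore_list(root, report):
    """Relative paths of the original files to pull from a clean backup."""
    wanted = []
    for dirpath, info in report.items():
        for name in info["encrypted"]:
            original = name[: -len(ENCRYPTED_EXT)]  # drop the appended extension
            wanted.append(os.path.relpath(os.path.join(dirpath, original), root))
    return sorted(wanted)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = scan_tree(root)
    for d, info in sorted(found.items()):
        print(f"{d}: {len(info['encrypted'])} encrypted, note={info['note']}")
    print("\n".join(restore_list(root, found)))
```

Run it read-only against a mounted copy of the affected volume; the second part of the output is the list of original paths to look for in the backup.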