Session Ransomware
Security researchers have uncovered new members of the Makop Ransomware family lately. The Session Ransomware is the last member of this family and, like other ransomware threats, its mission is to infect a computer, scan it for crucial files, and encrypt these files by using a very strong encryption method so that the victims will be unable to access them. Then, the Session Ransomware adds the '.[ID][].session' file extension to the encrypted files and they only can be decrypted if the victim has the decryption software that the cybercriminals responsible for the attack have in their possession.
When the files are fully encrypted, the Session Ransomware will create a ransom message, which will appear on the victim's desktop as a file named '+README-WARNING+.txt'. On the ransom message, the victims will find some instructions about how to proceed in case they want to have their files restored. However, they do not disclose the sum that should be paid as a ransom but provide the way to contact the send a message to ICQ @Ransomware_Decrypt hxxps://icq.im/Ransomware_Decrypt. At the end of the ransom message they threaten the victims saying that if they try to decrypt the files without paying the ransom, they will sell the files to third parties.
The ransom message that will appear on the victim's desktop is:
'Your data is encrypted!
Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
If you want to restore them install ICQ software on your PC here hxxps://icq.com/windows/ or on smartphone from Appstore / Google Play Market search for “ICQ”
Write to our ICQ @Ransomware_Decrypt hxxps://icq.im/Ransomware_Decrypt/
Or download the (Session) messenger (hxxps://getsession.org) in messenger: 0569a7c0949434c9c4464cf2423f66d046e3e08654e4164404b1dc23783096d313 You have to add this Id and we will complete our converstion
Tell us your file ID
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software – it may cause permanent data loss.
We are always ready to cooperate and find the best way to solve your problem.
The faster you write – the more favorable conditions will be for you.
Our company values its reputation. We give all guarantees of your files decryption.
IF WE DON'T SEE MESSAGES FROM YOU IN 72 HOURS – WE WILL SELL YOUR DATABASES AND IMPORTANT INFORMATION TO YOUR COMPETITORS AND OTHER HACKERS IN THE DARKNET.'
Although the members of the Makop Ransomware family may cause a lot of problems to its victims, the payment of the ransom is not recommended at all. Cybercriminals do not care about ethics and there is a high possibility that they will not provide the decryption software after receiving the ransom.
