Sheeva Ransomware

The Sheeva Ransomware encrypts the data on the computers it manages to invade. As a result, the impacted users lose access to many of the file types found on the breached devices. Each locked file also has its original name changed drastically. The threat assigns an ID string to the specific victim and adds it to the names of the encrypted files. Next, it adds an email address controlled by its operators, 'Sheeva@onionmail.org'. Finally, each file has '.sheeva' appended as a new file extension. Victims of the threat will also notice a new text file on the desktop. Named 'sheeva.txt,' this file contains a ransom note detailing the demands of the attackers.

According to the message, affected users who wish to receive the necessary decryption key and software tool from the cybercriminals will need to pay a ransom. Although the exact sum is not specified, the note clarifies that only payments made in Bitcoin will be accepted. The hackers also state their willingness to unlock two files of less than 5MB in size for free. The ransom note ends with numerous warnings, the most important of which concerns a hidden folder located in C:/Sheeva. Deleting the folder will make all of the encrypted files unrecoverable, as even the hackers will no longer be able to unlock them.
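The indicators described above ('.sheeva' extension, the contact address inside file names, the 'sheeva.txt' note and the C:/Sheeva folder) can be checked against a file listing exported from an affected host. The Python triage below is an added example, not part of the original entry. The sample paths, the bracketed file-name layout and the file inside C:\Sheeva are constructed assumptions, and the matching relies only on the suffix and the email substring.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Indicators taken from the description above.
EXTENSION = ".sheeva"
CONTACT_EMAIL = "sheeva@onionmail.org"
NOTE_NAME = "sheeva.txt"
# Hidden folder the note says must not be deleted; the listing has to
# include hidden items for it to show up.
KEY_FOLDER = PureWindowsPath("C:/Sheeva")


def triage(paths):
    """Classify Windows file paths against the Sheeva indicators."""
    report = {"encrypted": [], "notes": [], "key_folder_items": [],
              "dirs": Counter()}
    for raw in paths:
        p = PureWindowsPath(raw)          # case-insensitive comparisons
        name = p.name.lower()
        if p == KEY_FOLDER or KEY_FOLDER in p.parents:
            # Preserve as evidence: exclude from cleanup and AV remediation.
            report["key_folder_items"].append(raw)
        elif name == NOTE_NAME:
            report["notes"].append(raw)
        elif name.endswith(EXTENSION):
            # The contact address in the name separates this family from
            # unrelated files that merely share the extension.
            report["encrypted"].append((raw, CONTACT_EMAIL in name))
            report["dirs"][str(p.parent)] += 1
    return report


SAMPLE = [  # constructed listing; name layout is an assumption
    r"C:\Users\alice\Documents\budget.xlsx.[ID-CONSTRUCTED].[Sheeva@onionmail.org].sheeva",
    r"C:\Users\alice\Documents\plan.docx.[ID-CONSTRUCTED].[Sheeva@onionmail.org].sheeva",
    r"C:\Users\alice\Desktop\sheeva.txt",
    r"C:\Users\alice\Pictures\cat.jpg",
    r"C:\Sheeva\state.bin",
    r"D:\share\notes.SHEEVA",
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print("encrypted files:", len(r["encrypted"]))
    print("with contact address:", sum(flag for _, flag in r["encrypted"]))
    print("ransom notes:", r["notes"])
    print("key folder items (preserve):", r["key_folder_items"])
    print("most affected directories:", r["dirs"].most_common(3))
```

Entries flagged without the contact address in the name are worth a manual look, since the note itself states that some files were encrypted but not renamed.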

The full text of the note is:

'::: Greetings :::

Your important data, including financial/development, accounting, strategies, and other vital documents and databases, have been downloaded and will be leaked soon if not paid.

===========================

Little FAQ:
.1.
Q: What's Happened?
A: Your files have been encrypted and now have the "Sheeva" extension. The file structure has been changed to unreadable format, but you can recover them all with our tool.

.2.
Q: How to recover files?
A: If you wish to decrypt your files, you will need to pay in bitcoins.

.3.
Q: What about guarantees?
A: It's just a business. We absolutely do not care about you and your deals, except getting benefits. Nobody will cooperate with us if we do not do our work and liabilities. It's not in our interests.
To check the ability to return files, you can send us two files (under 5MB) of any kind that do not contain critical information. We will decrypt them and send them back to you. That is our guarantee.

.4.
Q: How to contact us?
A: You can write us to our mailbox: Sheeva@onionmail.org and Sheeva@cyberfear.com
write this in the email title: ID:-

.5.
Q: How will the decryption process proceed after payment?
A: After payment, we will send you our decoder program and your ID's unique keys + detailed instructions for use. With this program, you will be able to decrypt all your encrypted files.

.6.
Q: If I don't want to pay bad people like you?
A: If you will not cooperate with our service, it does not matter to us. But you will lose your time and data cause we are the only ones that have the private key. In practice - time is much more valuable than money.

:::BEWARE:::
1.1 DON'T try to change encrypted files by yourself!
If you use any third-party software to restore your data or antivirus solutions, please make a backup of all encrypted files!
Any changes in encrypted files may entail damage to the private key and, as a result, the loss of all data.
.2. Any company/person claiming to decrypt your data without paying us, they're simply lying and will charge you a lot of extra money for that; they all contact us and buy the decryptor from us.
.3. message from Developers: to avoid any possible problems with this email agent, always as for test files, never pay anyone outside of these two emails, only pay to wallet address we send you along with the test file, this will guarantee you recover all your files with no risk
.4.Some files were encrypted but not renamed; these files will be restored after the decryption procedure is completed.

/IMPORTANT/ .5.DO NOT delete the C:/Sheeva folder (it's a hidden folder) otherwise decryption will be IMPOSSIBLE /IMPORTANT/'
