Skynet (MedusaLocker) Ransomware

Skynet is a type of malware that targets its victims' data and locks it with a strong encryption algorithm. Such threats are known as ransomware because their operators then ask victims to pay a ransom in exchange for the decryption keys needed to restore the affected files. Note that this is a new ransomware threat, tracked under the name Skynet, that belongs to the MedusaLocker malware family. The previously detected threat with the same name, Skynet Ransomware, was a variant belonging to the Chaos Ransomware family.

Once Skynet infects a system, it also generates a ransom message in the form of a text file named 'Instructions for decryption.txt.' This ransom note outlines the demands of the attackers and provides instructions on how to pay the ransom to receive the decryption key necessary to recover the encrypted files. Skynet also renames the encrypted files, appending the '.Skynet' extension to their original filenames.
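The two artifacts named above, the ransom note filename and the appended extension, can be searched for directly during triage. The following Python script is an added example, not code from the original page; its function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

NOTE_NAME = "instructions for decryption.txt"  # ransom note name given on this page
ENC_EXT = ".skynet"                            # extension appended to encrypted files

def triage(root):
    """Walk root and report Skynet artifacts: ransom notes, renamed files and
    the original names they imply. Reads names only, modifies nothing."""
    notes, encrypted, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()  # Windows filenames compare case-insensitively
            full = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                notes.append(full)
            elif lower.endswith(ENC_EXT) and len(name) > len(ENC_EXT):
                # The extension is appended, so stripping it yields the
                # original filename, useful for matching against backups.
                encrypted.append((full, name[:-len(ENC_EXT)]))
                per_dir[dirpath] += 1
    return {"notes": notes, "encrypted": encrypted, "per_dir": per_dir}

def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, no real malware output."""
    layout = {
        "finance": ["q1.xlsx.Skynet", "q2.xlsx.Skynet",
                    "Instructions for decryption.txt"],
        "hr": ["policy.docx.SKYNET", "handbook.pdf"],
        "tools": ["skynet_notes.md"],  # benign: the name only contains the word
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

def demo():
    """Run the triage over the constructed tree and return a stable summary."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        r = triage(root)
        return {
            "notes": len(r["notes"]),
            "originals": sorted(orig for _p, orig in r["encrypted"]),
            "per_dir": {os.path.basename(d): n for d, n in r["per_dir"].items()},
        }

if __name__ == "__main__":
    print(demo())
```

The per-directory counts show which shares or folders were hit, and the recovered original names can be compared against a backup catalogue before restoring.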

Threats Like the Skynet Ransomware can Have a Devastating Impact on Infected Devices

In the ransom note left by the attackers, victims are warned that their files have been encrypted, and any attempt to recover them using third-party software will result in permanent corruption. Additionally, the note instructs victims not to rename or modify encrypted files. The attackers claim that there is no software available on the Internet that can help recover files and that the only solution to the problem is to pay a ransom.

Furthermore, the note contains a threat that highly confidential and personal data have been collected, and if the victims refuse to pay, this information will be released to the public or sold to third-party entities. To contact the attackers, the note provides a link that must be opened in the Tor browser, and in case the victims cannot use it, it lists email addresses ('ithelp1@decorous.cyou' and 'ithelp01@wholeness.business') that can be used to communicate with them.

Finally, the note warns that if the victims do not contact the cybercriminals within 72 hours, the cost of decryption will increase.

Ways to Protect Your Data from Ransomware Threats like Skynet

The best security measures that users can take to protect their data from ransomware attacks involve a multi-layered approach that encompasses various aspects of cybersecurity. First, users should keep their software and operating systems up to date with the latest patches and security updates to prevent attackers from exploiting known vulnerabilities.

Second, users should regularly back up their data to an external source, such as an external hard drive or cloud-based storage, to ensure that they can recover their data if their systems are compromised. Users should also exercise caution when opening email attachments, downloading files from the Internet, or clicking on links that they do not recognize or trust.

Users are strongly encouraged to install reputable anti-malware software and keep it updated so that it can detect and block ransomware and other malicious software. Finally, users should educate themselves about the latest ransomware threats and be aware of the common tactics attackers use to trick users into downloading and installing malicious software. By adopting these security measures, users can reduce their chances of falling victim to ransomware attacks and protect their valuable data from being encrypted and held for ransom.

The full text of the ransom-demanding message dropped by Skynet Ransomware is:

Your ID:

'/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion

Note that this server is available via Tor browser only

Follow the instructions to open the link:

Type the addres "hxxps://www.torproject.org" in your Internet browser. It opens the Tor site.

Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.

Now you have Tor browser. In the Tor Browser open qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion

Start a chat and follow the further instructions.
If you can not use the above link, use the email:
ithelp1@decorous.cyou
ithelp01@wholeness.business

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER'
