SomeOrdinaryGamers Mutahar Ransomware
The SomeOrdinaryGamers Mutahar has recently emerged as a ransomware threat, catching the attention of cybersecurity researchers. This threatening software is identified for its ability to encrypt and rename files, alter the desktop wallpaper, and present a ransom note within a file titled '+README-WARNING+.txt.' The name of the threat appears to be based on the popular YouTube channel SomeOrdinaryGamers.
When the SomeOrdinaryGamers Mutahar infects a system, it renames each encrypted file by appending a string of random characters in square brackets, the email address 'someordinarygamers@nanozebra.com' in square brackets, and the '.SOG' extension. For instance, a file originally named '1.pdf' would be transformed into '1.pdf.[2AF30FA3].[someordinarygamers@nanozebra.com].SOG,' and similarly, '2.jpg' would become '2.jpg.[2AF30FA3].[someordinarygamers@nanozebra.com].SOG,' and so forth. Researchers have confirmed that the SomeOrdinaryGamers Mutahar is rooted in the Makop Ransomware family. Like other Makop variants, this threat encrypts files, demands a ransom, and shares the renaming scheme and note layout seen across the family.
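The renaming scheme above is a usable indicator during triage. As an added example (not part of the original write-up and not code from the malware's authors or any vendor), the script below parses a filename against that scheme, recovers the original name, the bracketed identifier and the contact email, and walks a directory tree to count renamed files and ransom notes. It assumes the bracketed identifier is hexadecimal, as in the page's sample '2AF30FA3' (the page only calls it "random characters"), and builds a small constructed sample tree in a temporary directory so it runs offline.

```python
import re
import tempfile
from pathlib import Path
from typing import Optional, Tuple

# Makop/SOG-style rename described in the write-up:
#   <original name>.[<identifier>].[<contact email>].SOG
# The identifier is assumed to be hex, matching the page's sample '2AF30FA3'.
SOG_NAME_RE = re.compile(
    r"^(?P<original>.+?)\.\[(?P<victim_id>[0-9A-Fa-f]+)\]"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.SOG$"
)

# Ransom note filename named in the write-up.
RANSOM_NOTE_NAME = "+README-WARNING+.txt"


def parse_sog_name(name: str) -> Optional[Tuple[str, str, str]]:
    """Return (original_name, identifier, email) if `name` follows the
    SOG renaming scheme, otherwise None."""
    m = SOG_NAME_RE.match(name)
    if not m:
        return None
    return m.group("original"), m.group("victim_id"), m.group("email")


def scan_tree(root: Path) -> dict:
    """Walk `root` and collect renamed files, ransom notes and the
    identifiers/emails embedded in the filenames (useful pivots for IR)."""
    report = {"encrypted": [], "notes": [], "victim_ids": set(), "emails": set()}
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        if p.name == RANSOM_NOTE_NAME:
            report["notes"].append(str(p))
            continue
        parsed = parse_sog_name(p.name)
        if parsed:
            original, victim_id, email = parsed
            report["encrypted"].append((str(p), original))
            report["victim_ids"].add(victim_id)
            report["emails"].add(email)
    return report


def build_sample_tree(root: Path) -> None:
    """Constructed sample data: two renamed files, one note, and two files
    that must NOT match (a plain file and a lone '.SOG' without markers)."""
    (root / "docs").mkdir(parents=True, exist_ok=True)
    for name in [
        "1.pdf.[2AF30FA3].[someordinarygamers@nanozebra.com].SOG",
        "docs/2.jpg.[2AF30FA3].[someordinarygamers@nanozebra.com].SOG",
        "docs/+README-WARNING+.txt",
        "untouched.txt",
        "report.SOG",
    ]:
        (root / name).write_bytes(b"constructed sample")


def run_demo() -> dict:
    """Build the constructed tree in a temp dir, scan it, return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    r = run_demo()
    print(f"{len(r['encrypted'])} renamed files, {len(r['notes'])} ransom notes")
    print("identifiers:", sorted(r["victim_ids"]))
    print("contact emails:", sorted(r["emails"]))
```

Pointing `scan_tree` at a real share gives a quick scope estimate (how many files, which identifier, which contact address) before any cleanup starts, and the recovered original names show which file types were hit without touching the encrypted contents.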
The SomeOrdinaryGamers Mutahar Ransomware Takes Victims' Data Hostage
The ransom message notifies victims that their files have been encrypted and claims that the file structure was left intact. It explicitly demands payment in exchange for file recovery and offers a test decryption of a few small files as supposed proof that recovery is possible.
Contained within the message are contact details, including an email address (someordinarygamers@nanozebra.com) and a Twitter handle (@ordinarygamers). The note issues a caution against attempting independent file restoration and outlines the decryption process post-payment, ensuring the delivery of a scanner-decoder program alongside comprehensive instructions.
However, victims are strongly discouraged from making ransom payments, as there is no guarantee of receiving decryption tools even after payment. Unfortunately, the likelihood of accessing files without payment remains low unless the ransomware itself contains critical vulnerabilities that enable cybersecurity researchers to develop a decryptor.
In addition to refraining from payment, it is imperative for victims to remove the ransomware from compromised computers promptly. This action helps prevent potential additional encryption and the further spread of the ransomware within a local network. Acting swiftly in this regard is crucial to minimize the overall impact and mitigate the potential risks associated with the ransomware threat.
Do Not Take Chances with the Security of Your Data and Devices
Securing your data and devices against malware threats requires a multifaceted approach incorporating various security features. Here are some essential measures to implement:
- Anti-malware Software: Deploy reputable security software with real-time scanning capabilities. Regularly update the virus definitions to ensure protection against the latest threats.
- Firewall Protection: Activate and configure firewalls on your devices and network routers. Firewalls provide a barrier between your system and potential threats, monitoring and controlling incoming and outgoing traffic.
- Regular Software Updates: Keep all software, including operating systems, browsers, and applications, updated. These updates often include security patches that close the vulnerabilities malware exploits.
- Secure Passwords: Use a unique password for every account and enable two-factor authentication wherever possible. This adds a second layer of protection, making it harder for attackers to gain unauthorized access.
- Email Security: Exercise caution when opening emails, especially those from unknown senders. It is not advised to click on suspicious links or interact with attachments from untrusted sources, as email is a common vector for malware distribution.
- Backup Your Data: Regularly back up your important data to an external device or a secure cloud service. In the event of a malware attack, having a recent, disconnected backup lets you recover your files without giving in to ransom demands.
- Network Security: Secure your home or office network with strong encryption, such as WPA3 for Wi-Fi. Change default router passwords, use a strong network passphrase, and disable unnecessary network services to minimize potential entry points for attackers.
- Web Browsing Hygiene: Exercise caution when browsing the Internet. Avoid visiting untrustworthy websites and refrain from clicking on pop-ups or advertisements that may lead to unsafe content. Consider using browser extensions that enhance security and privacy.
- Security Education and Awareness: Stay informed about the latest cybersecurity threats and best practices. Educate yourself and your team on how to recognize phishing endeavors and other social engineering tactics used by cybercriminals.
By integrating these security features into your digital habits, you can create a robust defense against malware threats, enhancing the overall security of your data and devices. Regularly reviewing and updating these measures is crucial to always staying one step ahead of evolving cyber threats.
The main ransom note displayed by the SomeOrdinaryGamers Mutahar is:
'::: Greetings From SomeOrdinaryGamers Mutahar :::
Little FAQ:
.1.
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.
.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.
.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.
.4.
Q: How to contact with you?
A: You can write us to our mailboxes: someordinarygamers@nanozebra.com or @ordinarygamers on twitter also i will make video on your hack hxxps://www.youtube.ru/@SomeOrdinaryGamers/videos
.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.
.6.
Q: If I don t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.
.7.
Q: How can we trust you are expert?
A: I make youtube video on hackers for a living i am expert hacker you can see here: hxxps://www.youtube.ru/@SomeOrdinaryGamers/videos
:::BEWARE:::
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.'

The message displayed by the SomeOrdinaryGamers Mutahar Ransomware as a desktop background is:

'Your important files were encrypted!
Please write me to: someordinarygamers@nanozebra.com
or
@ordinarygamers on twitter
Sincerely, Muhatar, SOG.'