
SRC Ransomware

During their investigation of malware threats, cybersecurity researchers identified a specific ransomware known as SRC. Once the SRC Ransomware infiltrates a victim's device, it begins encrypting various file types. It then modifies the original filenames by appending a unique victim ID, the email address 'restoreBackup@cock.li,' and the '.SRC' extension. For example, SRC Ransomware changes the filename '1.doc' to '1.doc.[2AF25FA3].[RestoreBackup@cock.li].SRC' and '2.pdf' to '2.pdf.[2AF25FA3].[RestoreBackup@cock.li].SRC.'

In addition to file encryption, the SRC Ransomware switches the desktop wallpaper image and drops a ransom note on the device. The ransom-demanding message is stored in a text file named '+README-WARNING+.txt.'

Experts have confirmed that this particular ransomware is part of the Makop malware family.
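The renaming pattern and ransom note filename described above can be used to scope an incident from a file listing. The following Python code is an added example, not part of the original write-up or any vendor tool; the function and variable names are hypothetical, the 8-hex-character victim ID is an assumption based on the single sample ID on this page, and the listing is constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Pattern taken from the page's examples: <name>.[<ID>].[<email>].SRC
# Assumption: the victim ID is 8 hex characters, as in the sample '2AF25FA3'.
RENAMED = re.compile(
    r"^(?P<original>.+)\.\[(?P<victim_id>[0-9A-Fa-f]{8})\]"
    r"\.\[(?P<contact>[^\[\]\s]+@[^\[\]\s]+)\]\.SRC$",
    re.IGNORECASE,
)
RANSOM_NOTE = "+readme-warning+.txt"  # compared case-insensitively

# Constructed sample listing (not real telemetry), e.g. a file-share inventory.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\1.doc.[2AF25FA3].[RestoreBackup@cock.li].SRC",
    r"C:\Users\alice\Documents\2.pdf.[2AF25FA3].[RestoreBackup@cock.li].SRC",
    r"C:\Users\alice\Desktop\+README-WARNING+.txt",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Projects\app\main.src",  # ordinary file, must not match
    "/srv/share/report.xlsx.[2af25fa3].[restorebackup@cock.li].src",
]


def triage(paths):
    """Group SRC indicators found in an iterable of file paths (read-only)."""
    report = {"notes": [], "encrypted": defaultdict(list), "contacts": set()}
    for raw in paths:
        # PureWindowsPath splits on both '\' and '/', so mixed listings work.
        name = PureWindowsPath(raw).name
        if name.lower() == RANSOM_NOTE:
            report["notes"].append(raw)
            continue
        m = RENAMED.match(name)
        if m:
            # Keep the original filename so it can be matched against backups.
            report["encrypted"][m["victim_id"].upper()].append(
                (raw, m["original"]))
            report["contacts"].add(m["contact"].lower())
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    print("ransom notes:", result["notes"])
    for victim_id, files in result["encrypted"].items():
        print(victim_id, len(files), "encrypted files, e.g.", files[0][1])
```

The function only inspects path strings and never opens or modifies the encrypted files, so it can be run against an exported inventory rather than the affected host.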

The SRC Ransomware May Leave Victims Unable to Access Their Own Data

The ransom note left by the SRC Ransomware informs its victims that their files have been encrypted but assures that the file structure remains intact to avoid data damage. It states that a payment is necessary to decrypt the files and offers to decrypt two sample files to prove their capability. The note provides an email address (restoreBackup@cock.li) and a TOX ID for contacting the attackers.

Additionally, the ransom note advises victims against attempting to alter the encrypted files or using third-party decryption tools, as these actions may result in permanent data loss.

Once the ransomware encrypts files on a computer, those files become inaccessible until a decryption tool is used. Typically, only the attackers possess the necessary decryption tool. However, paying the ransom is risky because the attackers may not provide the decryption tool. Moreover, contacting the cybercriminals can expose users to various privacy and security risks.

It is crucial to remove the ransomware from the affected systems to prevent it from spreading to other networked computers or further encrypting files on the same system. However, removing the ransomware will not restore the files that have already been encrypted.

Implement Potent Security Measures to Protect Your Devices against Malware and Ransomware Threats

To protect their devices against malware and ransomware threats, users are strongly advised to implement the following security measures:

Regular Backups:

Frequent Backups: Regularly back up important data to external drives or cloud storage. Ensure backups are kept offline or are air-gapped to prevent ransomware from encrypting them.

Backup Testing: Periodically test backups to ensure that data can be restored successfully.

Anti-Malware Software:

Comprehensive Protection: Install reputable anti-malware software that provides real-time protection and regular updates.

Regular Scans: Conduct full system scans frequently to detect and remove potential threats.

Software Updates:

Timely Updates: Keep the operating system software up to date with the latest security patches.

Automatic Updates: Enable automatic updates where possible to ensure timely patching of vulnerabilities.

Email Security:

Spam Filters: Use robust spam filters to block phishing emails and malicious attachments.

Caution with Attachments: Avoid accessing email attachments and links from unknown or suspicious sources.

Network Security:

Firewalls: Enable and configure firewalls to monitor and control incoming and outgoing network traffic.

Secure Connections: Use VPNs to secure internet connections, especially when using public Wi-Fi.

Access Controls:

User Privileges: Limit user privileges to the minimum necessary to perform their tasks, reducing the impact of potential infections.

Strong Passwords: Use strong, unique passwords for all accounts and change them regularly. Use multi-factor authentication (MFA) for an added layer of security.

Security Awareness Training:

Employee Training: Educate employees and users about the risks of malware and ransomware, safe internet practices, and how to recognize phishing attempts.

Ongoing Education: Provide continuous security awareness training to keep users informed about the latest threats and prevention techniques.

Application Control:

Whitelisting: Implement application whitelisting to ensure that only approved software can run on the network.

Monitoring: Regularly monitor installed applications and remove any that are unnecessary or suspicious.

By implementing these comprehensive security measures, users can avoid malware and ransomware infections and protect their data and devices from potential threats.

The text of the ransom note generated by SRC Ransomware is:

'::: Greetings :::

Little FAQ:

.1.
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.

.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.

.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.

.4.
Q: How to contact with you?
A: You can write us to our mailbox: RestoreBackup@cock.li
Or you can contact us via TOX: -
You don't know about TOX? Go to hxxps://tox.chat

.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.

.6.
Q: If I don t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.

:::BEWARE:::
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.'
