
STEEL Ransomware

The STEEL Ransomware is a powerful, threatening tool that can severely impact infected systems. The threat encrypts numerous file types and appends a unique victim ID, the 'codeofhonor@tuta.io' email address, and the '.STEEL' extension to the names of the locked files. For example, a file previously named '1.jpg' will be renamed to '1.jpg.id[ID String].[codeofhonor@tuta.io].STEEL'. Analysis of the threat has determined that the STEEL Ransomware is a variant of the Phobos malware family.

In addition, the STEEL Ransomware provides two ransom notes to its victims: 'info.hta' and 'info.txt.' These notes contain instructions on how victims can pay the ransom to regain access to their encrypted files. However, paying the ransom does not guarantee that victims will get their files back, so it is best to avoid paying it altogether and seek alternative solutions for recovering the data from backups or other sources.
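For incident triage, the rename pattern and note names described above can be matched against a file listing to scope the damage and recover the original file names. The following is an added example, not code from the original page; it assumes the ID is any run of characters without ']' (the page does not give its format), and the sample paths and IDs are constructed placeholders.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Rename pattern described on the page: <original>.id[<ID>].[codeofhonor@tuta.io].STEEL
# Assumption: the ID is any run of characters without ']' (format not given on the page).
STEEL_NAME = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[^\]]+)\]\.\[(?P<contact>[^\]]+)\]\.STEEL$",
    re.IGNORECASE,
)
RANSOM_NOTES = {"info.hta", "info.txt"}  # note names given on the page


def parse_steel_name(filename):
    """Return (original_name, victim_id, contact) for a renamed file, else None."""
    m = STEEL_NAME.match(filename)
    return (m["original"], m["victim_id"], m["contact"]) if m else None


def triage(paths):
    """Summarise a file listing: encrypted files, ransom notes, IDs, affected folders."""
    report = {"encrypted": [], "notes": [], "victim_ids": set(), "folders": Counter()}
    for raw in paths:
        p = PureWindowsPath(raw)
        parsed = parse_steel_name(p.name)
        if parsed:
            original, victim_id, _ = parsed
            # Pair each locked path with the path it had before the rename.
            report["encrypted"].append((raw, str(p.with_name(original))))
            report["victim_ids"].add(victim_id)
            report["folders"][str(p.parent)] += 1
        elif p.name.lower() in RANSOM_NOTES:
            report["notes"].append(raw)
    return report


# Constructed sample listing (IDs are placeholders, not real values).
SAMPLE = [
    r"C:\Users\alice\Pictures\1.jpg.id[EXAMPLE-ID-0001].[codeofhonor@tuta.io].STEEL",
    r"C:\Users\alice\Documents\q3.report.xlsx.id[EXAMPLE-ID-0001].[codeofhonor@tuta.io].STEEL",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Desktop\info.txt",
    r"C:\Users\alice\Documents\STEEL beams.id.docx",
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"{len(r['encrypted'])} encrypted, {len(r['notes'])} notes, IDs: {sorted(r['victim_ids'])}")
    for locked, original in r["encrypted"]:
        print(f"  {locked}\n    -> {original}")
```

A file named 'info.txt' on its own is a weak signal, since the name is common; treat it as meaningful only alongside renamed files or 'info.hta' in the same listing.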

STEEL Ransomware's Demands

The victims of the STEEL Ransomware are told to contact the threat actors via email ('codeofhonor@tuta.io') or Telegram ('@Stop_24') with their ID number to receive further instructions. In addition, the affected users or organizations can send up to five files of no more than 4 MB in size for free decryption. It is essential that these files do not contain valuable information and that they are not renamed or tampered with using third-party software, as this could cause permanent damage. According to the ransom notes dropped by the threat, the threat actors will accept only payments made using the Bitcoin cryptocurrency.

How Do Threats Like the STEEL Ransomware Infect Computers?

Ransomware is threatening software that can infect your computer and encrypt most of its data. The goal is to extort money from unsuspecting users by demanding payment in exchange for unlocking their data. Computer users need to understand the different attack vectors used to spread ransomware. Attack vectors are methods of transport used by attackers to deliver corrupted code or content onto victims' computers or networks. Common attack vectors include social engineering tactics such as phishing emails, corrupted webpages, compromised software downloads and hacked Remote Desktop Protocol (RDP) connections.

The main ransom note dropped by the STEEL Ransomware contains the following message:

'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail codeofhonor@tuta.io
Write this ID in the title of your message -
If you do not receive a response within 24 hours, please contact us by Telegram.org account: @Stop_24
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The text file of the threat delivers the following instructions:

'!!!All of your files are encrypted!!!
To decrypt them send e-mail to this address: codeofhonor@tuta.io.
If we don't answer in 24h, send messge to telegram: @Stop_24'
