U2K Ransomware

Infosec researchers are warning users about a ransomware threat named the U2K Ransomware. The malware can affect numerous file types, and its encryption routine leaves the targeted files completely unusable. Each encrypted file will also have '.U2K' appended to its original name. Affected users will also notice that a text file named 'ReadMe.txt' has appeared on the infected devices. The file contains a ransom note with instructions from U2K Ransomware's operators. It should be pointed out that the threat appears to be almost entirely identical to a previously identified malware known as the MME Ransomware.

The ransom note left by U2K leaves out many important details. It doesn't reveal the amount that the attackers want to be paid as a ransom or whether only payments made using a specific cryptocurrency will be accepted. Instead, the message mostly focuses on getting the victims to visit two dedicated websites belonging to the hacker group. The main site appears to be the one hosted on the TOR network. However, at the end of the note, the cybercriminals also provide a link to a page that can be accessed normally. Of course, users should avoid initiating any communication with cybercriminals, as doing so could expose them to additional risks.

The full text of the ransom note left by U2K Ransomware is:

'Attention!

All your files, documents, photos, databases and other important files are encrypted

The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files.

The server with your decryptor is in a closed network TOR. You can get there by the following ways:

----------------------------------

1. Download Tor browser - hxxps://www.torproject.org/

2. Install Tor browser

3. Open Tor Browser

4. Open link in TOR browser:   hxxp://u2kqti2utfaiefucegnmd6yh6hledbsfanaehhnnn3q5usk6bvndahqd.onion/?301BDPGHJLM

5. and open ticket

----------------------------------

Alternate communication channel here: hxxps://yip.su/2QstD5'
