
Ust29 Ransomware

Cybersecurity researchers have found another Dharma Ransomware variant being unleashed in the wild. The threat has been named the Ust29 Ransomware, and its goal is to infiltrate targeted computers and lock the data stored there. Numerous file types, such as documents, PDFs, audio and video, databases, archives, and more, will be rendered completely unusable.

In addition, each encrypted file will have its original name modified to a significant degree. Victims will notice that nearly all of their files now have an unfamiliar string of characters and an email address added to their names. The string acts as the ID assigned to the specific victim, while the email, 'ust29@aol.com', is intended to be used as a way to contact the attackers. Finally, the threat will append '.ust29' as a new file extension.

Victims will be left with two ransom notes. The main ransom-demanding message will be displayed in a pop-up window, while a far shorter message will be dropped on the system as a 'FILES ENCRYPTED.txt' text file.
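A read-only triage sketch for the renaming scheme described above, added here as an example and not taken from the original write-up: it sorts a file listing into encrypted files, ransom notes and untouched files, and recovers each original name and victim ID. The exact name layout (`<original>.id-<ID>.[<email>].ust29`) is an assumption based on the usual Dharma convention, and the function name `triage`, the sample paths and the ID are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed layout (usual Dharma convention, not stated on this page):
#   <original name>.id-<victim ID>.[<contact email>].ust29
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z-]+)"
    r"\.\[(?P<email>[^\]]+)\]\.ust29$",
    re.IGNORECASE,
)
NOTE_NAME = "files encrypted.txt"  # text ransom note named on this page


def triage(paths):
    """Classify paths from a file listing; nothing on disk is touched."""
    report = {"encrypted": [], "notes": [], "unparsed": [], "clean": 0,
              "victim_ids": Counter(), "emails": Counter()}
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any OS
        name = p.name
        if name.lower() == NOTE_NAME:
            report["notes"].append(raw)
        elif name.lower().endswith(".ust29"):
            m = RENAMED.match(name)
            if m is None:
                # Has the extension but not the assumed layout: review by hand.
                report["unparsed"].append(raw)
                continue
            original = str(p.with_name(m["original"]))
            report["encrypted"].append((raw, original))
            report["victim_ids"][m["victim_id"].upper()] += 1
            report["emails"][m["email"].lower()] += 1
        else:
            report["clean"] += 1
    return report


# Constructed sample listing (not from a real incident; the ID is made up).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[ust29@aol.com].ust29",
    r"C:\Users\alice\Documents\notes.tar.gz.id-1A2B3C4D.[ust29@aol.com].ust29",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Pictures\cat.jpg",
    r"C:\Users\alice\Documents\odd.ust29",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(len(result["encrypted"]), "encrypted;", result["clean"], "clean")
    print("victim IDs:", dict(result["victim_ids"]))
```

More than one victim ID in the output suggests the listing covers several infected hosts or separate runs of the threat, which is worth knowing before scoping restoration from backups.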

Both notes leave a lot of important details out. They do not mention the exact sum that the hackers demand to receive as a ransom. Nor do the notes reveal if victims are allowed to send a couple of encrypted files to be unlocked for free as a demonstration of the attackers' ability to restore all affected data. Instead, they simply state that the victims should contact the aforementioned 'ust29@aol.com' email or, in case they do not receive an answer within 12 hours, the secondary email at 'ust29@nerdmail.co'.

The message found in the text file left by Ust29 Ransomware is:

'all your data has been locked us
You want to return?
write email ust29@aol.com or ust29@nerdmail.co

The instructions shown in the pop-up window are:

YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email ust29@aol.com YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:ust29@nerdmail.co
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
'
