A malware threat tracked as the Wuxia Ransomware has been identified by infosec researchers. Analysis of the threat's underlying code has connected it to the VoidCrypt Ransomware family. Wuxia's victims will find themselves unable to access nearly all of the files stored on the compromised device. Indeed, the threat runs a strong encryption routine to render a wide range of filetypes unusable. The goal of the hackers is to then extort the affected users for money in exchange for promising to restore the encrypted files to normal.
As part of its encryption process, Wuxia also changes the original names of the targeted files significantly. The threat appends a victim's ID, an email address, and a new file extension. The email address used in the file names is 'Hushange_delbar@outlook.com,' while the new file extension is '.wuxia.' Finally, it delivers a ransom note with instructions to the victims. The ransom-demanding message is dropped on the system as a text file named 'Decryption-Guide.txt' and shown in a pop-up window via a file named 'Decryption-Guide.hta.'
Ransom Note's Overview
The messages in the pop-up window and the text file are identical. They state that restoring the encrypted files without the assistance of the attackers is impossible. Victims are instructed to contact the hackers using the same email as the one placed in the file names - 'Hushange_delbar@outlook.com.' The message tells affected users to attach two files: an encrypted file, which the hackers will use to demonstrate that they can unlock the data, and a key file that the attackers need for the decryption.
According to the note, the key file should be in the C:/ProgramData folder and should be named either 'KEY-SE-24r6t523' or 'RSAKEY.KEY.' After contacting the hackers, victims will be told the amount of the ransom they have to pay to receive the decryption tool and the RSA decryption key. The second half of the ransom message consists of multiple warnings, such as not using third-party tools to try to unlock the files, and not hiring firms that offer negotiation services, as that could result in additional costs for the victim.
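A defender-side triage helper, added here as an example and not part of the original write-up or of any vendor tool: it walks a constructed path listing and flags the indicators the page describes (renamed files, the two ransom-note files, the key file in ProgramData), pulling the victim ID and contact email out of the renamed files. The bracketed <original>.[ID].[email].wuxia layout and the sample paths are assumptions; the page states only the order of the appended parts.

```python
import re
from pathlib import PureWindowsPath
from typing import Optional

# Indicators quoted from the write-up: the two ransom-note file names and the
# key-file names the note says are written under C:\ProgramData.
NOTE_NAMES = {"decryption-guide.txt", "decryption-guide.hta"}
KEY_FILE_NAMES = {"key-se-24r6t523", "rsakey.key"}

# Assumed layout of a renamed file: <original>.[<victim ID>].[<email>].wuxia
# The page gives the order (ID, email, extension); the square brackets are an assumption.
WUXIA_NAME = re.compile(
    r"^(?P<original>.+)\.\[(?P<victim_id>[^\[\]]+)\]\.\[(?P<email>[^\[\]]+@[^\[\]]+)\]\.wuxia$",
    re.IGNORECASE,
)

def classify_path(path: str) -> Optional[dict]:
    """Label one path as encrypted file, ransom note or key file; None if it looks clean."""
    p = PureWindowsPath(path)
    lower = p.name.lower()
    m = WUXIA_NAME.match(p.name)
    if m:
        return {"kind": "encrypted", "path": path, **m.groupdict()}
    if lower in NOTE_NAMES:
        return {"kind": "ransom_note", "path": path}
    # Only flag the key file where the note says it is written; the same name elsewhere is noise.
    in_programdata = any(part.lower() == "programdata" for part in p.parts)
    if in_programdata and lower in KEY_FILE_NAMES:
        return {"kind": "key_file", "path": path}  # preserve it: needed for any later decryption
    return None

def triage(paths) -> dict:
    """Summarise a directory listing: paths per indicator kind plus the IDs and emails seen."""
    summary = {"encrypted": [], "ransom_note": [], "key_file": [], "victim_ids": set(), "emails": set()}
    for hit in filter(None, map(classify_path, paths)):
        summary[hit["kind"]].append(hit["path"])
        if hit["kind"] == "encrypted":
            summary["victim_ids"].add(hit["victim_id"])
            summary["emails"].add(hit["email"])
    return summary

# Constructed sample listing (not from a real infection); every path here is hypothetical.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.[ID-7F3A9C].[Hushange_delbar@outlook.com].wuxia",
    r"C:\Users\alice\Pictures\holiday.jpg.[ID-7F3A9C].[Hushange_delbar@outlook.com].wuxia",
    r"C:\Users\alice\Desktop\Decryption-Guide.txt",
    r"C:\Users\alice\Desktop\Decryption-Guide.hta",
    r"C:\ProgramData\RSAKEY.KEY",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Windows\Temp\RSAKEY.KEY",
]

if __name__ == "__main__":
    for kind, found in triage(SAMPLE_PATHS).items():
        print(kind, sorted(found))
```

Running it on a real host means feeding the output of a recursive directory walk to `triage` and preserving, not deleting, anything flagged as a key file.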
The full text of the note is:
'Your Files Are Has Been Locked
Your Files Has Been Encrypted with cryptography Algorithm
If You Need Your Files And They are Important to You, Dont be shy Send Me an Email
Send Test File + The Key File on Your System (File Exist in C:/ProgramData example : KEY-SE-24r6t523 or RSAKEY.KEY) to Make Sure Your Files Can be Restored
Make an Agreement on Price with me and Pay
Get Decryption Tool + RSA Key AND Instruction For Decryption Process
1- Do Not Rename or Modify The Files (You May loose That file)
2- Do Not Try To Use 3rd Party Apps or Recovery Tools ( if You want to do that make an copy from Files and try on them and Waste Your time )
3-Do not Reinstall Operation System(Windows) You may loose the key File and Loose Your Files
4-Do Not Always Trust to Middle mans and negotiators (some of them are good but some of them agree on 4000usd for example and Asked 10000usd From Client) this Was happened
Your Case ID : -'