Yalohol Ransomware

Cybercriminals have created another threatening ransomware, which is tracked as the Yalohol Ransomware. The Yalohol Ransomware is a variant based on the Spora Ransomware and is capable of wreaking havoc on the infected devices. The malware can target numerous different file types and render them completely unusable via encryption with a strong cryptographic algorithm. As with most ransomware attacks, the goal of the hackers is to extort their victims for money. In this case, the cybercriminals are using a double-extortion scheme, as they also claim to collect sensitive data from the breached systems.

The names of all locked files will be changed significantly. Affected users will notice that most of their files now have an ID string, an email address, and a random 4-character string appended to their original names. The email used by the threat is 'yalohol9@gmail.com.' The attackers will then deliver their demands via two files generated on the victims' systems - 'ReadMe_Now!.hta' and 'Read_Me!_.txt.' 
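The naming indicators above can be used to scope an incident on a mounted volume or backup. The following triage script is an added example, not code from the original page; the dot-separated 4-character suffix pattern, the bracket layout of the sample names, and the `ID-EXAMPLE` value are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators stated in the write-up above.
NOTE_NAMES = {"readme_now!.hta", "read_me!_.txt"}
CONTACT_EMAIL = "yalohol9@gmail.com"
SUFFIX_RE = re.compile(r"\.[A-Za-z0-9]{4}$")  # assumed: dot + 4 alphanumerics
# Constructed sample names; the bracket/dot layout and the ID value are made up.
SAMPLE_FILES = [
    "finance/q3.xlsx.[ID-EXAMPLE].[yalohol9@gmail.com].a1B2",
    "finance/Read_Me!_.txt",
    "desktop/ReadMe_Now!.hta",
    "desktop/holiday.jpg",
    "desktop/readme.txt",
]

def classify(name):
    """Return 'note', 'renamed' or None for one file name (heuristic match)."""
    lower = name.lower()
    if lower in NOTE_NAMES:
        return "note"
    if CONTACT_EMAIL in lower and SUFFIX_RE.search(name):
        return "renamed"
    return None

def triage(root):
    """Walk root; list ransom notes and count renamed files per directory."""
    notes, renamed = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in files:
            kind = classify(name)
            if kind == "note":
                notes.append(os.path.join(rel, name))
            elif kind == "renamed":
                renamed[rel] += 1
    return {"notes": sorted(notes), "renamed_by_dir": dict(renamed)}

def build_sample_tree(root):  # empty files named after SAMPLE_FILES
    for rel in SAMPLE_FILES:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

The match is a name-based heuristic, so a benign file that happens to contain the address and end in a 4-character extension would also be flagged; treat hits as leads to review.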

The hta file contains an extremely brief message that simply instructs affected users to contact the 'yalohol9@gmail.com' address or a secondary email at 'yalohol@cyberfear.com.' The ransom-demanding message of Yalohol Ransomware's operators can be found in a text file. There, the attackers state that victims must pay a ransom and the only accepted form of payment is Bitcoin. The note also claims that numerous confidential documents, contracts, invoices, and more, have been exfiltrated and are now stored on a server controlled by the threat actors. If victims refuse to pay, the hackers will offer the gathered data for sale to interested third parties. Furthermore, users that take more than 48 hours to transfer the money will need to pay twice the initial amount.

The full text of Yalohol Ransomware's note is:

'All Your Files Encrypted And Sensitive Data Downloaded (Financial Documents,Contracts,Invoices etc.. ).

To Get Decryption Tools You Should Buy Our Decrption Tools And Then We Will Send You Decryption Tools And Delete Your Sensitive Data From Our Servers.

If Payment Is Not Made We have to Publish Your Sensitive Data If Necessary Sell Them And Send Them To Your Competitors And After A While Our Servers Will Remove Your Decrypion Keys From Servers.

Your Files Encrypted With Strongest Encryption Algorithm So Without Our Decryption Tools Nobody Can't Help You So Do Not Waste Your Time In Vain!

Your ID: 

Email Address: yalohol9@gmail.com

In Case Of Problem With First Email Write Us E-mail At : yalohol@cyberfear.com

Send Your ID In Email And Check Spam Folder.

This Is Just Business To Get Benefits, If Do Not Contact Us After 48 Hours Decryption Price Will x2.

What Guarantee Do We Give You ?

You Should Send Some Encrypted Files To Us For Decryption Test.

---------------------------------------------------

Attention!

Do Not Edit Or Rename Encrypted Files.

Do Not Try To Decrypt Files By Third-Party Or Data Recovery Softwares It May Damage Files.

In Case Of Trying To Decrypt Files With Third-Party Sofwares,This May Make The Decryption Harder So Prices Will Be Rise.

---------------------------------------------------

How To Buy Bitcoin :

Buy Bitcoin Instructions At LocalBitcoins :

hxxps://localbitcoins.com/guides/how-to-buy-bitcoins

Buy Bitcoin Instructions At Coindesk And Get More Info By Searching At Google :

hxxps://www.coindesk.com/learn/how-can-i-buy-bitcoin/

The HTA message is:

Files Encrypted Need Decrypt ? Contact Us At : yalohol9@gmail.com OR yalohol@cyberfear.com'
