Youneedtopay Ransomware
Cybersecurity experts are identifying more ransomware threats that are being used in attack campaigns continuously. One of the latest threats of this type that is aiming to take its victims' data as a hostage is named the Youneedtopay Ransomware. The strong encryption process of the threat ensures that all affected files will remain locked and unusable unless victims obtain the necessary decryption keys from the hackers.
Users hit by the Youneedtopay Ransomware will notice that nearly all of their files now have changed names. Indeed, the threat will append '.youneedtopay' to the original name of each encrypted file. Furthermore, the malware also will change the default desktop wallpaper of the system with one of its own displaying a short ransom note. A far more lengthy set of instructions will be delivered to the infected device, inside a text file named 'READ_THIS.txt.'
Ransom Note's Details
The desktop image deployed by the Youneedtopay Ransomware simply tells its victims to find and read the text file with the proper ransom note. Opening the 'READ_THIS.txt' file reveals that the cybercriminals demand to be paid a ransom worth exactly $500. However, they only accept payments in Bitcoin, arguably the most widely-known cryptocurrency. The money must be transferred to the crypto-wallet address found in the note.
The bulk of the hackers' message consists of instructions on how to obtain and send Bitcoins. The note details two different methods specifically. Either way, affected users will have to contact the attackers by sending a message to the 'marlin432@mail.com' email address.
The full text of Youneedtopay ransomware's note is:
'Your computer is locked!
If you would like to receive your files back you will have to pay us $500.
We have only one payment option which is Bitcoin.Send $500 to the following address:
Payment Method #1 - Cardcoins (easy)(UNITED STATES ONLY)
Step 1: Go to map.cardcoins.co on your browser and see if your state is green,
if it is, proceed to step #2, if it is red, continue reading.
If your state is red, then you must buy a VPN and change your location to a
city or state that is green.
nordvpn.com and expressvpn.com are pretty good.Step 2:Go to a local retailer like CVS, Wallgreens ,etc. and purchase a
non reloadable gift card for $500.
You will need to keep the packaging and receipt
(DO NOT OPEN THE PACKAGING UNTIL STEP 3)
Look for brands like VanillaStep 3:Go to carcoins.co and follow the instructions
You will need a pen and your phone.
Send the money to this addressPlease double check the sending address.
Step 4:Send the confirmation that you got from cardcoins to the following email:
marlin432@mail.com
Please wait up to 24 hours for us to confirm your transaction.
Once we confirm your transaction we will send you the decryption software to unlock
your files.Payment Method #2 - Bitcoin ATM (easy)
Step 1: Google Bitcoin ATMS near me
Step 2: Go to one of the atms and send $500 to the following address
Step 3:Send the confirmation that you got from the atm to the following email:
marlin432@mail.com
Please wait up to 24 hours for us to confirm your transaction.
Once we confirm your transaction we will send you the decryption software to unlock
your files.Payment Method #3 - Online Bitcoin Exchange (hard)
Step 1: Register for a online bitcoin exchange of your linking.
We recommend coinbase.comStep 2: Register on the exchange and send $500 to the following address
For coinbase, we recommend you add your bank account, since that will speed things up
Step 3:Send the confirmation that you got from the atm to the following email:
marlin432@mail.com
Please wait up to 24 hours for us to confirm your transaction.
Once we confirm your transaction we will send you the decryption software to unlock
your files.The message delivered via the wallpaper image is:
YOUR COMPUTER HAS BEEN LOCKED!
DOUBLE CLICK ON READ_THIS.txt FOR FURTHER INSTRUCTIONS.'
