ZEUSSEC1337 Ransomware
The ZEUSSEC1337 Ransomware is a malware tool that targets the files of its victims and encrypts them with an uncrackable cryptographic algorithm. As a result of the threatening actions of the ZEUSSEC1337 Ransomware, the impacted users will lose access to their documents, PDFs, archives, audio and video files, databases and many other file types. The locked data will then be used as leverage to extort money from the victims.
The ZEUSSEC1337 threat marks the files it locks by attaching a new extension to the original file names. Instead of using a unified extension for all impacted files, the malware instead generates a new random 4-character string for each file. Two ransom notes detailing the demands of the attackers will be dropped on the breached devices. One of the ransom-demanding messages will be shown in a new desktop background image, while the other will be delivered as a text file named 'Bacabangtxt.'
Both ransom notes provide nearly identical information. They state that victims of ZEUSSEC1337 will have to contact the threat actors and pay a ransom if they want to receive the decryption key necessary for the restoration of their data. They can do so by messaging either the ZEUSSEC1337@GMAIL.COM email or the @ZeusSec1337 Telegram account. According to the instructions shown as a desktop background, victims will have to pay a ransom of $100, but the sum must be in the Indonesian currency Rupiah (IDR).
The full text of the ransom note found inside the text file is:
'ZEUSSEC1337 WAS HERE
SORRY BRO YO UR IMPORTANT FILES ENCRYPTED 🙁
PAY ME BRO FOR BACK YOUR FILES
CONTACT ME BRO 🙁EMAIL:ZEUSSEC1337@GMAIL.COM
TELEGRAM:@ZeusSec1337ZEUSSEC1337 Ransomware's desktop image contains the following message:
ZEUSSEC1337 WAS HERE
OPPS YOUR IMPORTANT FILES ENCRYPTED CONTACT ME FOR BACK YOUR FILES AND PAY FOR ME 100$ IN INDONESIAN CURRENCY
CONTACT ME
EMAIL:ZEUSSEC1337@GMAIL.COM
TELEGRAM:@ZeusSec1337'
