.elpy Ransomware Mimics Pay2Key in New Attacks

Summary
– A system was attacked by the .elpy ransomware, which encrypted all files; the attackers demanded a large payment for decryption.
– The attackers claim a major IT security weakness allowed the attack and offer a decrypt tool and unique key for purchase.
– Victims are instructed to contact the attackers via email at volume0@tuta for recovery options.
– The ransom note warns against renaming encrypted files or using third-party decryption software, citing risk of permanent data loss.
– The attackers emphasize cooperation, faster response for better terms, and a guarantee of file decryption to protect their reputation.
A new ransomware variant has been detected in the wild, and security researchers are drawing comparisons to the well-known Pay2Key family. The strain, identified as .elpy, has already claimed at least one victim, with a system being locked down and files encrypted across the board.
The attack unfolded recently, and the victim reported that all files were encrypted, followed by an extortion demand for a significant sum in exchange for a decryption tool. The ransom note, a draft of which has been shared, follows a familiar pattern: it warns against renaming encrypted files or using third-party decryption software, claiming such actions could cause permanent data loss.
The note instructs victims to contact the attackers via email at volume0@tuta and emphasizes that the faster a victim responds, the more favorable the terms will be. The attackers also attempt to build credibility by stating, “Our company values its reputation. We give all guarantees of your files decryption.”
This behavior mirrors Pay2Key’s tactics, which often combine trust-building language with a demand for payment in exchange for a decryption key. The .elpy variant appears to rely on similar psychological and technical pressure to push victims into paying.
For now, the primary recommendation is to avoid paying the ransom. Instead, affected users should disconnect infected systems from the network immediately, preserve encrypted files for forensic analysis, and consult with cybersecurity professionals. There is currently no known free decryption tool for .elpy, but security firms are actively studying the strain to identify potential weaknesses.
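The preservation step above (isolate the system, then keep the encrypted files intact for forensic analysis), as an added example that is not from the article or from any vendor tool: a read-only Python triage that inventories files carrying the .elpy extension and records a SHA-256 manifest so investigators can later show the evidence was not altered. The sample directory tree is constructed; the extension is the only page-specific value used.

```python
import hashlib
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".elpy"  # extension reported in the article


def sha256_of(path: Path) -> str:
    """Hash in 1 MiB chunks so large encrypted files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(root: Path) -> list:
    """One record per .elpy file: relative path, original name, size, SHA-256.

    Files are opened read-only and never renamed, moved or rewritten, so
    the manifest later proves the preserved evidence is unchanged.
    """
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ENCRYPTED_EXT):
                continue
            p = Path(dirpath, name)
            records.append({
                "path": p.relative_to(root).as_posix(),
                "original_name": name[: -len(ENCRYPTED_EXT)],
                "size": p.stat().st_size,
                "sha256": sha256_of(p),
            })
    return sorted(records, key=lambda r: r["path"])


def demo() -> list:
    """Constructed sample tree (not real victim data) to exercise inventory()."""
    root = Path(tempfile.mkdtemp())
    (root / "docs").mkdir()
    (root / "docs" / "report.docx.elpy").write_bytes(b"\x00" * 64)
    (root / "budget.xlsx.ELPY").write_bytes(b"\xff" * 16)
    (root / "notes.txt").write_bytes(b"untouched")  # not encrypted, skipped
    return inventory(root)


if __name__ == "__main__":
    for rec in demo():
        print(rec["path"], rec["size"], rec["sha256"][:16])
```

Run it against a mounted image or a copy of the affected volume, and store the manifest outside the evidence tree.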
If you have been hit by this ransomware, do not attempt to decrypt files on your own. Report the incident to local authorities and consider reaching out to specialized recovery services. Time is critical, but so is caution.
(Source: BleepingComputer)