
New Ransomware Encrypts Files with .enc, .iv, and .salt Extensions

Summary

– The ransom note tells victims that their data has been stolen and encrypted, and that it will be published online if they do not pay the ransom.
– The attackers claim they are motivated solely by money and promise to provide decryption tools and erase the stolen data upon payment.
– They emphasize their reputation depends on fulfilling promises to ensure future payments from other victims.
– Instructions are provided to contact them via qTOX, decrypt one file for free, and pay in Bitcoin using specific steps and their provided address.
– Warnings are issued not to delete or modify files to avoid recovery issues, and that delays or non-payment may lead to permanent data loss or repeated attacks.

A new ransomware strain seizes and locks victims' data, appending .enc, .iv, and .salt extensions to their files. The attack is financially motivated, with the threat actors demanding payment in Bitcoin to prevent the public release of sensitive information. The group claims it operates purely for profit, not political reasons, and insists that paying will result in the delivery of decryption tools and the deletion of stolen data.

According to the attackers, their business relies on maintaining credibility. They argue that if they fail to provide decryption or delete data after payment, future victims would refuse to pay, harming their operations. They emphasize that their reputation is crucial, stating they have attacked organizations globally and received no complaints from those who complied.

To begin the process, the note instructs victims to first establish contact using the qTox messaging client, available for download at the official qTox website. After installation, they are told to message the provided Tox ID and include their unique hardware identification string (HWID). The attackers promise to respond, though they note that delays may occur due to the volume of companies they are currently targeting.

A free test decryption of one file is offered to prove their capability, using the victim’s personal HWID. This step is intended to build trust before any financial transaction takes place.

Payment must be made in Bitcoin. The instructions are clear: acquire BTC through a platform like Coinbase, Binance, or Kraken, set up a secure wallet such as Electrum or Mycelium, and transfer the required amount to the Bitcoin address provided via Tox chat. After sending, users must share the transaction ID for verification. Upon confirmation, the decryption tools will be supplied, and data deletion will be confirmed.

The message ends with a stern warning: do not delete or modify any encrypted files, as this may complicate or prevent recovery. Additionally, the group threatens repeated attacks against non-compliant organizations, stressing that delays could lead to permanent data loss.

(Source: Bleeping Computer)
