6y8dghklp Ransomware Encrypts Files

Our researchers came across the 6y8dghklp ransomware while examining recent submissions. This malicious software belongs to the Phobos ransomware family.

On our test system, the 6y8dghklp ransomware encrypted files and renamed them. To each original file name it appended a unique identifier assigned to the victim, the cybercriminals' email address, and a ".6y8dghklp" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3481].[datarecoverycenterOPG@onionmail.org].6y8dghklp" after encryption.

Upon completing the encryption, ransom demands were presented through a pop-up window named "info.hta" and a text file named "info.txt." The ransom note in the text file simply notifies the victim that their data has been encrypted and encourages them to reach out to the attackers for decryption.
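The renaming scheme and ransom note names described above are enough to build a simple triage check for a file listing taken from a suspected host. The following is an added example written for this article, not code from the original post or from any vendor; the file paths in `SAMPLE_PATHS` are constructed, using the example file name, victim ID and email address quoted above. It parses the `<name>.id[<ID>].[<email>].6y8dghklp` pattern to recover the original name, the victim ID and the contact address, and separately flags the "info.hta" / "info.txt" notes.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Renamed-file pattern described in the article:
#   <original name>.id[<8 hex>-<4 hex>].[<attacker email>].6y8dghklp
PHOBOS_NAME_RE = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4})\]"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]"
    r"\.6y8dghklp$"
)

# Ransom note file names observed on the test system.
RANSOM_NOTE_NAMES = {"info.hta", "info.txt"}


@dataclass(frozen=True)
class EncryptedFile:
    path: str
    original_name: str
    victim_id: str
    email: str


def _basename(path: str) -> str:
    """Return the final path component for Windows or POSIX style paths."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def parse_encrypted_name(path: str) -> Optional[EncryptedFile]:
    """Parse a 6y8dghklp-renamed file; return None if the name does not match."""
    m = PHOBOS_NAME_RE.match(_basename(path))
    if not m:
        return None
    return EncryptedFile(path, m["original"], m["victim_id"], m["email"])


def is_ransom_note(path: str) -> bool:
    """True if the file is one of the ransom note files dropped by the sample."""
    return _basename(path).lower() in RANSOM_NOTE_NAMES


def triage(paths):
    """Split a file listing into encrypted files, ransom notes and collected IoCs."""
    encrypted, notes = [], []
    for p in paths:
        if is_ransom_note(p):
            notes.append(p)
            continue
        parsed = parse_encrypted_name(p)
        if parsed is not None:
            encrypted.append(parsed)
    return {
        "encrypted": encrypted,
        "notes": notes,
        # Distinct victim IDs and contact addresses seen in the listing.
        "victim_ids": {e.victim_id for e in encrypted},
        "emails": {e.email for e in encrypted},
    }


# Constructed sample listing (not taken from a real incident).
SAMPLE_PATHS = [
    r"C:\Users\alice\Pictures\1.jpg.id[9ECFA84E-3481].[datarecoverycenterOPG@onionmail.org].6y8dghklp",
    r"C:\Users\alice\Documents\report.docx.id[9ECFA84E-3481].[datarecoverycenterOPG@onionmail.org].6y8dghklp",
    r"C:\Users\alice\Documents\info.txt",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Downloads\archive.zip",
]

if __name__ == "__main__":
    result = triage(SAMPLE_PATHS)
    for f in result["encrypted"]:
        print(f"encrypted: {f.original_name} (victim {f.victim_id}, contact {f.email})")
    for n in result["notes"]:
        print(f"ransom note: {n}")
```

The recovered victim ID is the same value the note asks the victim to quote, so it is a convenient key for grouping affected files and hosts during an incident, and the extracted email addresses can be fed to mail and web filtering as indicators. The regex is deliberately anchored on the full `.6y8dghklp` suffix; other Phobos variants use different extensions, so adapt the pattern rather than relying on it as a generic detector.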

The message in the pop-up window provides further details regarding the attack. It makes clear that file recovery requires paying a ransom in Bitcoin. Before paying, the victim is offered a test decryption of up to five locked files, subject to the size and content limits stated in the note.

The note concludes with warnings. The victim is cautioned that renaming the affected files or using third-party software may lead to permanent data loss. Furthermore, seeking assistance from third parties may expose the victim to potential scams and increased financial loss.

6y8dghklp Ransom Note in Full

The complete text of the ransom note generated by the 6y8dghklp ransomware reads as follows:

All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail datarecoverycenterOPG@onionmail.org
Write this ID in the title of your message -
In case of no answer in 24 hours write us to this e-mail:datarecoverycenterOPG2023@onionmail.org
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.

Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/

Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

What Are the Most Common Infection Vectors for Ransomware?

Ransomware can infiltrate computer systems through various infection vectors. While the tactics used by cybercriminals are continually evolving, some common infection vectors for ransomware include:

  • Phishing Emails: Phishing emails remain one of the most prevalent ways ransomware is delivered. Cybercriminals send deceptive emails with malicious attachments or links. When recipients open these attachments or click on the links, ransomware can be executed on their systems.
  • Malicious Email Attachments: Ransomware may be hidden in email attachments such as PDFs, Word documents, Excel files, or ZIP archives. These attachments often contain malicious macros or scripts that, when enabled, initiate the ransomware infection.
  • Drive-By Downloads: Visiting compromised or malicious websites can result in drive-by downloads, where malware is downloaded and installed onto your system without your knowledge or consent, without any further action on your part.
  • Malvertising: Malicious advertising (malvertising) involves cybercriminals placing infected ads on legitimate websites. Clicking on these ads can lead to ransomware infections.
  • Social Engineering: Cybercriminals use social engineering techniques to manipulate individuals into taking specific actions. For instance, they may impersonate a trusted entity or authority figure, tricking victims into running malicious code or providing login credentials.
  • Exploiting Software Vulnerabilities: Ransomware can exploit vulnerabilities in software applications, including the operating system and other software. If you don't keep your software up to date with security patches, you become more susceptible to these attacks.
  • Remote Desktop Protocol (RDP) Attacks: Cybercriminals may use brute-force attacks or stolen credentials to gain unauthorized access to systems via RDP. Once inside, they can deploy ransomware.
  • Malicious Links: Ransomware can be delivered through links in emails, instant messages, or on social media platforms. Clicking on these links can lead to the download and execution of ransomware.
  • Infected Software or Downloads: Downloading software or files from untrustworthy sources, particularly cracked software, pirated content, or torrents, can introduce ransomware onto your system.
  • Exploiting Network Vulnerabilities: Ransomware can propagate within a network if one computer is infected. Weak network security and insufficient network segmentation can allow ransomware to move laterally and infect multiple devices.
September 11, 2023