Adfuhbazi Ransomware Will Lock All Your Files

During our analysis of new malware submissions, our researchers came across Adfuhbazi, a ransomware program belonging to the Snatch ransomware family. This particular malicious software encrypts files and adds a ".adfuhbazi" extension to their filenames. For example, a file named "1.jpg" would be transformed into "1.jpg.adfuhbazi," and "2.png" would become "2.png.adfuhbazi," and so on for all encrypted files.

Following the encryption process, a ransom note titled "HOW TO RESTORE YOUR ADFUHBAZI FILES.TXT" is generated. The contents of the message indicate that this ransomware primarily targets large organizations rather than individual users. The ransom note, addressed to the victim as "management," informs them that their files have been encrypted and that over 200GB of data has been extracted from the compromised network. The stolen data includes sensitive information such as accounting data, confidential documents, client databases, and personal records.

The note explicitly advises against using third-party decryption tools, emphasizing that such tools would render the encrypted data irretrievable. Furthermore, the message serves as a warning, stating that if the victim fails to contact the attackers within three days, the stolen data is likely to be publicly disclosed.

Adfuhbazi Ransomware Targeting Businesses

The full text of the ransom note used by the Adfuhbazi makes it clear that the ransomware targets businesses. The full note reads as follows:

Dear Management!

We inform you that your network has undergone a penetration test, during which we encrypted
your files and downloaded more than 200 GB of your data, including:

Accounting
Confidential documents
Personal data
Clients databases

Important! Do not try to decrypt files yourself or using third-party utilities.
The program that can decrypt them is our decryptor, which you can request from the contacts below.
Any other program can only damage files.

Please be aware that if we don't receive a response from you within 3 days, we reserve the right to publish your files.

Contact us:

777doctor@proton.me or 777doctor@swisscows.email

How is Ransomware Like Adfuhbazi Deployed on Victim Systems?

The deployment of ransomware like Adfuhbazi on victim systems typically involves various techniques and strategies employed by cybercriminals. While the specific methods may vary, here is a general overview of how ransomware is commonly deployed:

Phishing Emails: One common method is through phishing emails, where attackers send deceptive emails impersonating legitimate entities or containing malicious attachments. These emails may trick recipients into opening infected attachments or clicking on malicious links, which then initiate the ransomware download.

Exploit Kits: Cybercriminals can exploit vulnerabilities in software, operating systems, or web browsers to deliver ransomware. They utilize exploit kits, which are automated tools that can identify and exploit security weaknesses, allowing the ransomware to be silently downloaded and executed on the victim's system.

Malvertising: Malicious advertisements, also known as malvertisements, can be injected into legitimate websites or ad networks. When users click on these ads, they may unknowingly trigger the download and execution of ransomware.

Remote Desktop Protocol (RDP) Attacks: Attackers may target systems with weak or compromised Remote Desktop Protocol configurations. By gaining unauthorized access to the victim's system, they can manually install and execute ransomware.

Software Vulnerabilities: Ransomware developers often exploit security vulnerabilities in commonly used software. If a user fails to update their software promptly, it can leave their system exposed to these vulnerabilities, allowing ransomware to be installed.

Drive-by Downloads: Malicious code can be injected into compromised or malicious websites. When users visit these websites, the ransomware may be downloaded and executed without their knowledge or consent.

It is crucial for individuals and organizations to implement robust security measures, such as regularly updating software, using strong passwords, employing email filtering systems, and educating users about safe online practices, to mitigate the risk of ransomware infections.

By Zaib
May 19, 2023
Ransomware
English
May 19, 2023
Ransomware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Ransomware

DARKY LOCK Ransomware

DARKY LOCK ransomware is the name of a newly discovered strain of file-encrypting malware. According to researchers, the new variant is a member of the Babuk family of ransomware clones. DARKY LOCK will perform as... Read more

July 12, 2022
Ransomware

GAZPROM Ransomware Will Lock Your Files

GAZPROM is a form of malware that utilizes the code of the CONTI ransomware to encrypt data and demand a ransom in exchange for its decryption. We tested GAZPROM on a testbed and observed that it appended the... Read more

May 5, 2023
Ransomware

Rorschach Ransomware Will Lock Victim Files

Ransomware called Rorschach or BabLock is utilized by cyber attackers to encrypt files, particularly targeting small and medium-sized businesses, as well as industrial companies. In addition to encrypting data, this... Read more

April 7, 2023
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.