Adfuhbazi Ransomware Will Lock All Your Files
During our analysis of new malware submissions, our researchers came across Adfuhbazi, a ransomware program belonging to the Snatch ransomware family. This particular malicious software encrypts files and adds a ".adfuhbazi" extension to their filenames. For example, a file named "1.jpg" would be transformed into "1.jpg.adfuhbazi," and "2.png" would become "2.png.adfuhbazi," and so on for all encrypted files.
Following the encryption process, a ransom note titled "HOW TO RESTORE YOUR ADFUHBAZI FILES.TXT" is generated. The contents of the message indicate that this ransomware primarily targets large organizations rather than individual users. The ransom note, addressed to the victim as "management," informs them that their files have been encrypted and that over 200GB of data has been extracted from the compromised network. The stolen data includes sensitive information such as accounting data, confidential documents, client databases, and personal records.
The note explicitly advises against using third-party decryption tools, emphasizing that such tools would render the encrypted data irretrievable. Furthermore, the message serves as a warning, stating that if the victim fails to contact the attackers within three days, the stolen data is likely to be publicly disclosed.
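The two host-level indicators above (the appended ".adfuhbazi" extension and the ransom note filename) are enough for a quick triage check during incident response. The following Python is an added example, not code from the write-up or from any vendor tool; the sample path listing is constructed, and case-insensitive extension matching is my assumption (Windows file shares are usually case-insensitive).

```python
import os
from collections import defaultdict

# Indicators taken from the write-up: appended extension and ransom note filename.
ENCRYPTED_EXT = ".adfuhbazi"
RANSOM_NOTE = "HOW TO RESTORE YOUR ADFUHBAZI FILES.TXT"

def original_name(name):
    """Map an encrypted filename back to its pre-encryption name, or None.

    The ransomware appends the extension, so "1.jpg.adfuhbazi" -> "1.jpg".
    Matching is case-insensitive (my assumption for Windows filesystems).
    """
    if not name.lower().endswith(ENCRYPTED_EXT):
        return None
    return name[: -len(ENCRYPTED_EXT)]

def triage(paths):
    """Summarise Adfuhbazi indicators across a list of file paths."""
    encrypted = defaultdict(list)  # directory -> encrypted filenames
    note_dirs = set()              # directories that received a ransom note
    for p in paths:
        d, name = os.path.split(p)
        if name.upper() == RANSOM_NOTE:
            note_dirs.add(d)
        elif original_name(name) is not None:
            encrypted[d].append(name)
    return {
        "encrypted_by_dir": dict(encrypted),
        "note_dirs": sorted(note_dirs),
        "total_encrypted": sum(len(v) for v in encrypted.values()),
    }

def scan_tree(root):
    """Walk a real directory tree and run triage over every file in it."""
    paths = [os.path.join(dp, f) for dp, _, fs in os.walk(root) for f in fs]
    return triage(paths)

# Constructed sample listing (not real victim data) mirroring the write-up's naming.
SAMPLE_PATHS = [
    "/srv/share/finance/1.jpg.adfuhbazi",
    "/srv/share/finance/2.png.adfuhbazi",
    "/srv/share/finance/HOW TO RESTORE YOUR ADFUHBAZI FILES.TXT",
    "/srv/share/hr/contract.docx",        # untouched file, must not be flagged
    "/srv/share/hr/notes.txt.ADFUHBAZI",  # matched despite upper-case extension
]
```

The per-directory breakdown shows which shares were touched and whether a note was dropped there, which helps scope the incident before any restore from backup begins.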
Adfuhbazi Ransomware Targeting Businesses
The full text of the ransom note used by Adfuhbazi makes it clear that the ransomware targets businesses. The note reads as follows:
We inform you that your network has undergone a penetration test, during which we encrypted
your files and downloaded more than 200 GB of your data, including:
Important! Do not try to decrypt files yourself or using third-party utilities.
The program that can decrypt them is our decryptor, which you can request from the contacts below.
Any other program can only damage files.
Please be aware that if we don't receive a response from you within 3 days, we reserve the right to publish your files.
firstname.lastname@example.org or email@example.com
How is Ransomware Like Adfuhbazi Deployed on Victim Systems?
The deployment of ransomware like Adfuhbazi on victim systems typically involves various techniques and strategies employed by cybercriminals. While the specific methods may vary, here is a general overview of how ransomware is commonly deployed:
Phishing Emails: One common method is through phishing emails, where attackers send deceptive emails impersonating legitimate entities or containing malicious attachments. These emails may trick recipients into opening infected attachments or clicking on malicious links, which then initiate the ransomware download.
Exploit Kits: Cybercriminals can exploit vulnerabilities in software, operating systems, or web browsers to deliver ransomware. They utilize exploit kits, which are automated tools that can identify and exploit security weaknesses, allowing the ransomware to be silently downloaded and executed on the victim's system.
Malvertising: Malicious advertisements, also known as malvertisements, can be injected into legitimate websites or ad networks. When users click on these ads, they may unknowingly trigger the download and execution of ransomware.
Remote Desktop Protocol (RDP) Attacks: Attackers may target systems with weak or compromised Remote Desktop Protocol configurations. By gaining unauthorized access to the victim's system, they can manually install and execute ransomware.
Software Vulnerabilities: Ransomware developers often exploit security vulnerabilities in commonly used software. If a user fails to update their software promptly, it can leave their system exposed to these vulnerabilities, allowing ransomware to be installed.
Drive-by Downloads: Malicious code can be injected into compromised or malicious websites. When users visit these websites, the ransomware may be downloaded and executed without their knowledge or consent.
It is crucial for individuals and organizations to implement robust security measures, such as regularly updating software, using strong passwords, employing email filtering systems, and educating users about safe online practices, to mitigate the risk of ransomware infections.