Ahgr Ransomware is Based on Djvu Code


During our analysis of malware samples, we came across Ahgr, a variant of ransomware belonging to the Djvu family. Ahgr operates by encrypting files and modifying their names with the addition of the ".ahgr" extension. Additionally, it generates a ransom note in the form of a text file named "_readme.txt".

For instance, a file originally named "1.jpg" would be transformed into "1.jpg.ahgr", while "2.png" would become "2.png.ahgr", and so forth. It is worth noting that Ahgr, as part of the Djvu ransomware family, may be distributed in conjunction with information-stealing malware such as Vidar and RedLine.

The ransom note endeavors to assure victims that they have the means to recover all their files. It claims that a variety of files, including pictures, databases, documents, and other vital data, have been encrypted using a strong encryption technique and a unique key. The only avenue for restoring the encrypted files is by purchasing a decryption tool along with a unique key.

To instill confidence, the ransomware operators provide a demonstration of their capabilities. They allow victims to send one encrypted file from their computers, which will be decrypted free of charge. However, this offer is limited to decrypting only one file that does not contain valuable information.

The ransom note also specifies the price for obtaining the private key and decryption software, initially set at $980. However, if victims contact the attackers within the first 72 hours, a 50% discount is offered, reducing the price to $490. The note instructs victims to reach out to the attackers via email at support@freshmail.top or datarestorehelp@airmail.cc.
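As an added example (not code from the original post), the triage script below walks a directory tree for the two indicators described above: files carrying the appended ".ahgr" extension and a "_readme.txt" note that lists the attackers' contact addresses. The victim directory it builds is constructed for illustration only.

```python
import os
import re
import tempfile
from typing import Optional

AHGR_EXT = ".ahgr"
NOTE_NAME = "_readme.txt"
# Contact addresses quoted in the Ahgr ransom note.
NOTE_EMAILS = {"support@freshmail.top", "datarestorehelp@airmail.cc"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def original_name(name: str) -> Optional[str]:
    """Undo the rename: '1.jpg.ahgr' -> '1.jpg'; None if not an .ahgr file."""
    if name.lower().endswith(AHGR_EXT):
        return name[: -len(AHGR_EXT)]
    return None

def triage_tree(root: str) -> dict:
    """Collect Ahgr indicators under root: renamed files and ransom notes."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if original_name(name) is not None:
                encrypted.append(path)
            elif name.lower() == NOTE_NAME:
                with open(path, errors="replace") as fh:
                    found = set(EMAIL_RE.findall(fh.read()))
                # A note is attributed to Ahgr only if it names a known address.
                notes.append({"path": path, "emails": found,
                              "matches_ahgr": bool(found & NOTE_EMAILS)})
    # Both indicators together give a confident verdict.
    return {"encrypted_files": sorted(encrypted), "ransom_notes": notes,
            "likely_ahgr": bool(encrypted) and any(n["matches_ahgr"] for n in notes)}

def build_sample_tree(root: str) -> None:
    """Constructed victim directory for the demo (illustrative, not a real sample)."""
    os.makedirs(os.path.join(root, "Pictures"))
    for rel in ("Pictures/1.jpg.ahgr", "Pictures/2.png.ahgr", "notes.txt"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("placeholder content")
    with open(os.path.join(root, "Pictures", NOTE_NAME), "w") as fh:
        fh.write("Your files are encrypted. Write to support@freshmail.top "
                 "or datarestorehelp@airmail.cc\n")

def demo() -> dict:
    """Run the triage over the constructed tree and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return triage_tree(tmp)
```

Pointing `triage_tree` at a real share or user profile gives a responder a quick count of affected files and the original names to restore from backup.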

How Can You Safeguard Your Data Against Ransomware?

Safeguarding your data against ransomware is crucial to protect yourself from potential attacks. Here are some essential measures you can take:

  • Backup Your Data: Regularly back up all your important files and data to an external storage device or a cloud-based backup service. Ensure that your backups are separate from your primary system and disconnected when not in use to prevent them from being compromised during an attack.
  • Keep Your Software Updated: Maintain up-to-date operating systems, applications, and security software on all your devices. Install the latest patches and security updates to address any known vulnerabilities that ransomware may exploit.
  • Be Cautious of Email Attachments and Links: Exercise caution when opening email attachments or clicking on links, especially if they are from unknown or suspicious sources. Be vigilant for phishing attempts and verify the legitimacy of email senders before interacting with their content.
  • Use Reliable Security Software: Install reputable antivirus and anti-malware software on your devices. Keep the software updated to ensure it can detect and block the latest ransomware threats effectively.
  • Enable Pop-up Blockers: Configure your web browsers to block pop-ups or use browser extensions that provide additional protection against malicious advertisements and drive-by downloads.
  • Implement Network Security Measures: Utilize firewalls and intrusion detection systems (IDS) to monitor and control incoming and outgoing network traffic. Employ secure Wi-Fi protocols, change default passwords, and disable remote management features on your routers to minimize the risk of unauthorized access.
  • Educate Yourself and Your Users: Stay informed about the latest ransomware threats and educate yourself and your users about best practices for cybersecurity. Train employees or family members to recognize phishing emails, suspicious websites, and potentially harmful downloads.
  • Use Strong, Unique Passwords: Create strong passwords for your accounts and ensure that each account has a unique password. Consider using a reputable password manager to securely store and generate complex passwords.
June 13, 2023