What is Arazite Ransomware?


Arazite is a new ransomware variant that was first spotted in the wild in late September 2022. It does not appear to belong to any larger ransomware family.

The ransomware encrypts files on the targeted system and drops a ransom note when encryption is complete. The files that get encrypted include most media, document and archive file types, as well as databases. Once encrypted, files receive the ".arazite" extension, hence the ransomware's name.

For example, a file called "document.doc" becomes "document.doc.arazite" once it has been encrypted.

When the ransomware finishes encrypting the system, it drops its ransom note in a file called "info.hta". The full text of the ransom note reads as follows:

ALL YOUR DATA TURNED TO USELESS BINARY CODE

Your computer is infected with a virus.

Send an email parazite at tutanota dot com, specify in the subject your unique identifier - and you will definitly be helped to recover.

NOTE:

You can send 2 files as proof that we can return all your data.

If the provided email doesn't work, please contact us at alcmalcolm at cock dot li

Algorithms used are AES and RSA.

IMPORTANT:

1. The infection was due to vulnerabilities in your software.

2. If you want to make sure that it is impossible to recover files using third-party software, do this not on all files, otherwise you may lose all data.

3. Only communication through our email can guarantee file recover for you. We are not responsible for the actions of third parties who promise to help you - most often they are scammers.

4. Please, do not try to rename encrypted files.

5. Our goal is to return your data, but if you don't contact us, we will not succeed.
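
The indicators described above (the appended ".arazite" extension and the "info.hta" note) can be turned into a read-only triage pass that scopes the damage on a host or file share. The Python below is an added example, not code from the original article; the function names and report keys are hypothetical, and it assumes the note's first line is stored as contiguous UTF-8 or UTF-16 text.

```python
import os
import sys
from collections import Counter

# Indicators taken from the article above.
ENC_EXT = ".arazite"
NOTE_NAME = "info.hta"
NOTE_MARKER = "ALL YOUR DATA TURNED TO USELESS BINARY CODE"
# Assumption: the note's first line is contiguous text in UTF-8 or UTF-16.
MARKER_BYTES = [NOTE_MARKER.encode(enc) for enc in ("utf-8", "utf-16-le")]


def is_arazite_note(path):
    """True if the file at path contains the ransom note's first line."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(1 << 20)  # notes are small; cap the read at 1 MiB
    except OSError:
        return False
    return any(marker in data for marker in MARKER_BYTES)


def triage(root):
    """Read-only walk of root that summarises Arazite indicators."""
    encrypted, notes, other_hta = [], [], []
    original_types = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENC_EXT) and len(name) > len(ENC_EXT):
                encrypted.append(path)
                # "document.doc.arazite" -> "document.doc" -> ".doc"
                original = name[: -len(ENC_EXT)]
                original_types[os.path.splitext(original)[1].lower() or "(none)"] += 1
            elif lower == NOTE_NAME:
                # A file name alone is a weak indicator, so confirm by content.
                (notes if is_arazite_note(path) else other_hta).append(path)
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "unconfirmed_hta": sorted(other_hta),
        "original_types": dict(original_types),
        "affected_dirs": sorted({os.path.dirname(p) for p in encrypted}),
    }


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(len(report["encrypted"]), "encrypted files in", len(report["affected_dirs"]), "directories")
    print("confirmed notes:", report["notes"])
    print("original file types:", report["original_types"])
```

The per-directory and per-file-type counts help decide which backups to restore first; the script never opens or renames the encrypted files themselves.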

September 27, 2022