Architects Ransomware Seems to Target Businesses


During our analysis of new submissions, our research team came across a malicious program named Architects. This program falls under the category of ransomware, a type of malware that encrypts data and demands ransoms for its decryption.

On our test machine, Architects successfully encrypted files and altered their filenames by adding a ".architects" extension. For instance, a file named "1.jpg" became "1.jpg.architects", and "2.png" was transformed into "2.png.architects", and so on for all affected files. Upon completing the encryption process, the ransomware generated a message named "readme.txt," demanding a ransom.

The ransom note left by Architects notifies the victim about the encryption of their files and cautions against attempting to use third-party decryption tools. Moreover, the message claims that sensitive information from the system has been exfiltrated. The victim is further warned that if they refuse to cooperate with the attackers, the stolen content will be exposed publicly.

Architects Ransom Note Lists No Specific Ransom Sum

The full text of the Architects ransom note reads as follows:

Your servers is LOCKED. Do not try to use other software.
Sensitive data on your system was downloaded and it will be published if you refuse to cooperate.
You can contact us directly for further instructions through emails:

sudorocky@tutanota.com
sudorocky@protonmail.com

In subject write your personal id (below).

Recovery information:
key: -
personal id: -
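The two artifacts described above, the appended ".architects" extension and the "readme.txt" note, are the host-side indicators a responder would sweep for. The scanner below is an added example written for this article, not code from the original page; it walks a directory, lists renamed files, matches "readme.txt" against strings quoted from the note above, and builds its own constructed sample tree in a temporary directory.

```python
import os
import tempfile
from pathlib import Path

ARCHITECTS_EXT = ".architects"          # extension observed in the article
NOTE_NAME = "readme.txt"                # ransom note filename observed in the article
# Marker strings copied from the ransom note quoted above.
NOTE_MARKERS = (
    "Your servers is LOCKED",
    "sudorocky@tutanota.com",
    "sudorocky@protonmail.com",
)


def scan_tree(root):
    """Walk `root` and collect indicators of an Architects-style encryption run."""
    encrypted, notes = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ARCHITECTS_EXT):
                encrypted.append(path)
            elif name.lower() == NOTE_NAME:
                try:
                    text = Path(path).read_text(errors="replace")
                except OSError:
                    continue
                # Only flag a readme.txt that carries text from the known note.
                if any(marker in text for marker in NOTE_MARKERS):
                    notes.append(path)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "hit": bool(encrypted or notes)}


def original_name(path):
    """Recover the pre-encryption filename ("1.jpg.architects" -> "1.jpg")."""
    base = os.path.basename(path)
    if base.lower().endswith(ARCHITECTS_EXT):
        return base[:-len(ARCHITECTS_EXT)]
    return base


def build_sample_tree():
    """Constructed sample data mimicking the article's test-machine observation."""
    root = tempfile.mkdtemp(prefix="architects_demo_")
    for name in ("1.jpg.architects", "2.png.architects", "untouched.docx"):
        Path(root, name).write_bytes(b"\x00" * 16)   # placeholder file content
    Path(root, NOTE_NAME).write_text(
        "Your servers is LOCKED. Do not try to use other software.\n"
        "sudorocky@tutanota.com\n")
    return root


if __name__ == "__main__":
    print(scan_tree(build_sample_tree()))
```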

How is Ransomware Like Architects Distributed Online?

Ransomware, like Architects, is typically distributed online through various methods. These distribution techniques often exploit human vulnerabilities, software vulnerabilities, or both. Here are some common ways ransomware like Architects is distributed online:

  • Phishing Emails: One of the most prevalent methods of distributing ransomware is through phishing emails. Cybercriminals send deceptive emails that appear legitimate, containing malicious links or infected attachments. When users click on these links or open the attachments, the ransomware is executed on their system.
  • Malicious Websites and Ads: Cybercriminals may compromise legitimate websites or create fake websites that host malicious code. Users who visit these sites might unknowingly download ransomware onto their devices. Similarly, malicious advertisements (malvertising) on legitimate websites can lead users to malicious sites where ransomware is distributed.
  • Exploit Kits: Ransomware can be distributed through exploit kits, which are toolkits that leverage known vulnerabilities in software. When users visit compromised or malicious websites, these exploit kits automatically detect and exploit vulnerable software to deliver ransomware.
  • Remote Desktop Protocol (RDP) Attacks: Cybercriminals target RDP services with weak passwords or security flaws. Once they gain access, they deploy ransomware on the compromised systems.
  • Drive-By Downloads: In drive-by download attacks, ransomware is automatically downloaded and installed on a user's device when they visit a compromised or malicious website, without any user interaction or awareness.
  • Malicious Email Attachments and Links: Ransomware can be delivered as attachments or links in emails that prompt users to download or open them. These emails may masquerade as invoices, shipping notifications, or other seemingly legitimate communications.
July 25, 2023
