Aros Ransomware Uses Long Extension
Aros ransomware is a new strain of file-encrypting malware discovered in late October 2022.
Aros behaves like most other ransomware variants. It will encrypt the victim system and append a new extension to encrypted files. A file named "image.png" will turn into "image.png.[ten-digit string].[luckyguys@tutanota.com].ARS" once encrypted.
The encryption process will affect almost every file on connected system drives, including media files, documents, databases, archive files and executables.
Once the encryption process finishes, the ransomware will drop its ransom demands inside a file named "How_to_decrypt_files.txt". The file is placed on the system desktop and its full contents are as follows:
ALL YOUR FILES ENCRYPTED BY AROS RANSOMWARE
--
YOUR FILES ARE SAFE!
WE STRONGLY RECOMMEND you NOT to use any "Decryption Tools".
These tools can damage your data, making recover IMPOSSIBLE.
Also we recommend you not to contact data recovery companies.
They will just contact us, buy the key and sell it to you at a higher price.
If you want to decrypt your files, you have to get RSA private key.
--
To get RSA private key you have to contact us via TOX chat. TOX download site: >> {hxxps://tox.chat/} <<
Our ID: >> {77A904360EA7D74268E7A4F316865F170 3D2D7A6AF28C9ECFACED69CD09C8610FF2C728E6A33} <<
--
If you have any problems with TOX Chat, email us: >> {luckyguys at tutanota dot com or luckyguys at msgsafe dot io} <<
and send us your tell your MachineID: >> - - <<
--
HOW to understand that we are NOT scammers?
You can ask SUPPORT for the TEST-decryption for ONE file!
--
If I don’t want to pay bad people like you?
If you will not cooperate with our service - for us, its does not matter.
But you will lose your time and data, cause only we have the private key.
In practice - time is much more valuable than money.
--
Please contact us before paying.
After the successful payment and decrypting your files, we will give
you FULL instructions HOW to IMPROVE your security system.
We ready to answer all your questions!