EAF Ransomware
The EAF ransomware is a new strain of malware that was recently spotted by researchers. The ransomware does not appear to belong to any specific family of ransomware, at least under initial observation.
EAF would encrypt popular file types, leaving the contents unreadable. The encrypted files would get a prefix and a suffix added to their original look. A file formerly called "document.docx" would turn into "[encoderdecryption@yandex.ru][alphanumeric string]document.docx.EAF" upon encryption.
The prefix appended to the file is the email of the ransomware operator, followed by the unique victim ID string generated by the ransomware. The appendix is just an additional, fixed .EAF extension.
Once encryption completes, the ransom note is dropped inside "#FILES-ENCRYPTED.txt" - a plain text file placed on the desktop.
The full ransom note goes as follows:
ATTENTION!
At the moment, your system is not protected.
We can fix it and restore files.
To get started, send a file to decrypt trial.
Don't pay any money, when we didn't decrypt trial file.
You can trust us after opening the test file.
To restore the system write to this address:
Email 1: encoderdecryption at yandex dot ru
Email 2: encoderdecryption at gmail dot com