Empire Ransomware Locks Victim Systems

ransomware

In the course of reviewing new file samples, a ransomware strain known as Empire was identified. Empire encrypts the victim's files so they can no longer be opened and appends the ".emp" extension to each filename: "1.jpg" becomes "1.jpg.emp", "2.png" becomes "2.png.emp", and so on.

Empire also drops a ransom note named "HOW-TO-DECRYPT.txt". In it the attackers claim that every file on the computer has been securely encrypted with their own software and that only the key and decryptor in their possession can restore the data. Victims are told to buy the decryptor by contacting a Telegram bot through the link given in the note.

Should the bot be unavailable, the note offers a reserve email address (howtodecryptreserve@proton.me), through which victims are supposedly given a current contact for personal communication. It warns against any attempt to recover the files independently, claiming this may damage them irreversibly, and tells victims not to switch off the computer until decryption is finished.
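The indicators described above (the appended ".emp" extension, the "HOW-TO-DECRYPT.txt" note and the contact strings it carries) are enough to check a file system for signs of this infection. The following scanner is an added example and not code from the original article; the sample directory it builds is constructed for the demonstration, and the marker strings are taken from the note quoted later on this page.

```python
"""Scan a directory tree for the Empire ransomware indicators described above.

Added example, not code from the original article. The indicators (".emp"
extension, "HOW-TO-DECRYPT.txt" note name, contact strings in the note) come
from the article; the sample tree built by build_sample_tree() is constructed
for this demonstration only.
"""
import os
import tempfile
from pathlib import Path

EMPIRE_EXTENSION = ".emp"
EMPIRE_NOTE_NAME = "HOW-TO-DECRYPT.txt"
# Strings quoted from the ransom note, compared case-insensitively.
EMPIRE_NOTE_MARKERS = (
    "empire welcomes you",
    "t.me/how_to_decrypt_bot",
    "howtodecryptreserve@proton.me",
)


def scan_for_empire(root):
    """Walk `root` and return the findings.

    encrypted: relative paths of files carrying the ".emp" extension
    notes: ransom notes found, each with the markers matched in its text
    """
    root = Path(root)
    findings = {"encrypted": [], "notes": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if name.lower().endswith(EMPIRE_EXTENSION):
                findings["encrypted"].append(rel)
            if name.lower() == EMPIRE_NOTE_NAME.lower():
                try:
                    text = path.read_text(errors="replace").lower()
                except OSError:
                    text = ""
                matched = [m for m in EMPIRE_NOTE_MARKERS if m in text]
                findings["notes"].append({"path": rel, "markers": matched})
    findings["encrypted"].sort()
    return findings


def original_name(encrypted_name):
    """Undo the renaming: "1.jpg.emp" -> "1.jpg"; other names are returned as-is."""
    if encrypted_name.lower().endswith(EMPIRE_EXTENSION):
        return encrypted_name[: -len(EMPIRE_EXTENSION)]
    return encrypted_name


def build_sample_tree(base):
    """Construct a small directory that mimics an infected machine (sample data)."""
    base = Path(base)
    docs = base / "docs"
    docs.mkdir(parents=True, exist_ok=True)
    (docs / "1.jpg.emp").write_bytes(b"\x00" * 16)   # stand-in for ciphertext
    (docs / "2.png.emp").write_bytes(b"\x00" * 16)
    (docs / "readme.txt").write_text("untouched file")
    (docs / EMPIRE_NOTE_NAME).write_text(
        "Empire welcomes you!\n"
        "All your files are securely encrypted by our software.\n"
        "To communicate, use the Telegram bot at this link\n"
        "hxxps://t.me/how_to_decrypt_bot\n"
        "If the bot is unavailable, then write to the reserve email address: "
        "HowToDecryptReserve@proton.me\n"
    )
    return base


def demo():
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_for_empire(tmp)


if __name__ == "__main__":
    result = demo()
    for rel in result["encrypted"]:
        print(f"encrypted: {rel} (was {original_name(Path(rel).name)})")
    for note in result["notes"]:
        print(f"ransom note: {note['path']} markers={note['markers']}")
```

Run against a real path, the scanner is a quick triage step rather than a full detection: a note file with no matched markers or a machine with ".emp" files but no note still deserves a closer look, and the list of encrypted paths doubles as the inventory to check against backups.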

Empire Ransom Note Contains List of Encrypted Files

The full text of the Empire ransom note reads as follows:

Empire welcomes you!

All your files are securely encrypted by our software.
Unfortunately, nothing will be restored without our key and decryptor.
In this regard, we suggest you buy our decryptor to recover your information.
To communicate, use the Telegram bot at this link

hxxps://t.me/how_to_decrypt_bot

If the bot is unavailable, then write to the reserve email address: HowToDecryptReserve@proton.me

There you will receive an up-to-date contact for personal communication.

Do not try to recover files yourself, they may break and we will not be able to return them, also try not to turn off your computer until decryption.
Your ID is -

(list of encrypted files)

How Can You Protect Your Sensitive Data from Ransomware?

Protecting sensitive data from ransomware requires a combination of proactive measures and best practices. The following steps reduce both the likelihood of an infection and the damage one can do:

Regular Backups:
Perform regular backups of your important data and ensure they are stored securely.
Keep both local and offsite copies, and keep at least one copy offline or otherwise unreachable from the network, so that ransomware spreading across the network cannot encrypt the backups as well.
Verify the integrity of your backups and test the restoration process regularly; a backup that cannot be restored offers no protection.

Update Software:
Keep your operating system, antivirus software, and all applications up to date with the latest security patches.
Enable automatic updates whenever possible to ensure timely protection against known vulnerabilities.

Use Reliable Security Software:
Install reputable antivirus and anti-malware software on your system.
Keep security software definitions up to date to detect and block new threats.

Email Security:
Implement email filtering to block malicious messages and attachments.
Configure mail clients and workstations to show full file extensions, so that double extensions such as "invoice.pdf.exe" are visible, and warn users about suspicious attachments.

Network Security:
Use firewalls to monitor and control incoming and outgoing network traffic.
Segment your network so that an infection on one host cannot reach file shares and backup storage on other segments, which contains the spread of ransomware.
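The backup step above asks for integrity verification and restore testing. One concrete way to do this is to record a SHA-256 digest of every file when the backup is taken and compare the stored digests against the backup set before relying on it. The block below is an added example, not code from the original article; the sample files and the simulated damage (one file overwritten and renamed with ".emp", another overwritten in place, and a ransom note dropped) are constructed for the demonstration.

```python
"""Create and verify a SHA-256 manifest for a backup set.

Added example for the "verify the integrity of your backups" step; it is not
code from the original article. The sample files and the simulated ransomware
damage in demo() are constructed for this demonstration only.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 16):
    """Digest a file in chunks so large backups do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every relative file path under `root` to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def save_manifest(manifest, path):
    """Write the manifest as JSON; store it with the offline copy, not on the host."""
    Path(path).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(path):
    return json.loads(Path(path).read_text())


def verify_backup(root, manifest):
    """Compare the files under `root` with a previously saved manifest.

    changed:    files whose digest differs (overwritten or encrypted in place)
    missing:    manifest entries with no file (deleted or renamed, e.g. to .emp)
    unexpected: files not in the manifest (renamed copies, dropped ransom notes)
    """
    current = build_manifest(root)
    changed = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    unexpected = sorted(p for p in current if p not in manifest)
    ok = not (changed or missing or unexpected)
    return {"ok": ok, "changed": changed, "missing": missing, "unexpected": unexpected}


def demo():
    """Take a manifest of a clean set, then verify after simulated ransomware damage."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp) / "data"
        data.mkdir()
        (data / "1.jpg").write_bytes(b"JPEGDATA" * 4)      # constructed sample files
        (data / "2.png").write_bytes(b"PNGDATA" * 4)
        (data / "notes.txt").write_text("quarterly report")

        manifest_path = Path(tmp) / "manifest.json"
        save_manifest(build_manifest(data), manifest_path)
        manifest = load_manifest(manifest_path)
        clean = verify_backup(data, manifest)

        # Simulate what the article describes: 1.jpg is overwritten with
        # ciphertext and renamed 1.jpg.emp; 2.png is overwritten in place;
        # a ransom note is dropped into the directory.
        (data / "1.jpg").write_bytes(os.urandom(32))
        (data / "1.jpg").rename(data / "1.jpg.emp")
        (data / "2.png").write_bytes(os.urandom(28))
        (data / "HOW-TO-DECRYPT.txt").write_text("Empire welcomes you!")
        damaged = verify_backup(data, manifest)
        return clean, damaged


if __name__ == "__main__":
    clean, damaged = demo()
    print("clean set ok:", clean["ok"])
    print("after damage:", json.dumps(damaged, indent=2))
```

The manifest must live with the offline or offsite copy rather than on the protected host, since ransomware that reaches the host can encrypt the manifest along with everything else. A restore test is then a matter of restoring into a scratch directory and running verify_backup against the saved manifest before declaring the backup usable.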

January 4, 2024
