ErrorWindows Ransomware Comes With Ransom Note in Russian

ErrorWindows is a type of ransomware that encrypts victims' data, rendering it inaccessible. We came across ErrorWindows while analyzing new file samples. Our investigation revealed that ErrorWindows belongs to the Xorist family and it alters file names by adding the ".errorwindows" extension.

Similar to many ransomware variants, ErrorWindows displays a ransom note. It generates a file named "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" ("HOW TO DECRYPT FILES.txt"). It also modifies the desktop background and shows a pop-up window with the same ransom message as the text file.

The ".errorwindows" extension is appended to the full original file name. For example, "1.jpg" becomes "1.jpg.errorwindows", "2.png" becomes "2.png.errorwindows", and so on.

The ransom note is written in Russian. It informs victims that their files have been encrypted and provides recovery instructions. Victims are directed to send an SMS with a specific message to a designated number, although the ransomware doesn't specify the exact number, which indicates that it is very likely still in development.

The note mentions a limited number of attempts to enter a code and warns that exceeding these attempts will result in permanent data loss. It also emphasizes the need for caution when entering the code.
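A triage scan built on the two indicators described above (the ".errorwindows" suffix and the ransom note file name), added here as an example and not code from the original article; the function name `triage` and its return shape are assumptions. It matches the suffix case-insensitively and normalizes Unicode before comparing the note name, so differently stored copies are still counted.

```python
import os
import sys
import unicodedata
from pathlib import Path

# Indicators taken from the article above.
ENCRYPTED_EXT = ".errorwindows"
NOTE_NAME = "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt"


def _norm(name):
    # The "Й" in the note name can be stored composed (NFC) or decomposed
    # (NFD), and Windows file names are case-insensitive: compare on both.
    return unicodedata.normalize("NFC", name).casefold()


def triage(root):
    """Return (encrypted, notes, unreadable) for the tree under root.

    encrypted:  {renamed path: path the file had before the suffix was added}
    notes:      paths of ransom note copies
    unreadable: directories that could not be listed (coverage gaps)
    """
    encrypted, notes, unreadable = {}, [], []
    note_key = _norm(NOTE_NAME)
    n = len(ENCRYPTED_EXT)
    for dirpath, _dirs, files in os.walk(
            root, onerror=lambda err: unreadable.append(err.filename)):
        for name in files:
            path = Path(dirpath) / name
            if _norm(name) == note_key:
                notes.append(path)
            elif len(name) > n and name[-n:].lower() == ENCRYPTED_EXT:
                # "1.jpg.errorwindows" -> "1.jpg"
                encrypted[path] = path.parent / name[:-n]
    return encrypted, notes, unreadable


if __name__ == "__main__":
    enc, notes, gaps = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for renamed, original in sorted(enc.items()):
        print(f"encrypted: {renamed} (was {original.name})")
    for note in notes:
        print(f"ransom note: {note}")
    for directory in gaps:
        print(f"not scanned: {directory}")
    print(f"{len(enc)} renamed file(s), {len(notes)} note(s), {len(gaps)} gap(s)")
```

The recovered original names give the list of files to restore from backup, and any "not scanned" directory is a gap in the scope estimate.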

ErrorWindows Ransom Note Written in Russian

The complete text of the ransom note generated by ErrorWindows reads as follows:

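Внимание! Все Ваши файлы зашифрованы!
Чтобы восстановить свои файлы и получить к ним доступ,
отправьте смс с текстом XXXX на номер YYYY

У вас есть N попыток ввода кода. При превышении этого
количества, все данные необратимо испортятся. Будьте
внимательны при вводе кода!

English translation:

Attention! All your files are encrypted!
To restore your files and gain access to them,
send an SMS with the text XXXX to the number YYYY

You have N attempts to enter the code. If this number
is exceeded, all data will be irreversibly corrupted. Be
careful when entering the code!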

How Can You Protect Your Data from Ransomware Attacks?

Protecting your data from ransomware attacks is crucial to prevent the loss of valuable information and potential financial damage. Here are steps and best practices to help safeguard your data against ransomware:

Regularly Back Up Your Data:
Perform regular backups of your critical data and ensure they are stored offline or in a secure, isolated environment. This makes it possible to restore your data without paying a ransom.

Use Reliable Security Software:
Install reputable antivirus and anti-malware software on all your devices and keep them up to date. This software can help detect and prevent ransomware infections.

Keep Operating Systems and Software Updated:
Regularly update your operating system, applications, and software to patch security vulnerabilities that cybercriminals might exploit.

Implement Strong Email Security:
Be cautious when opening email attachments or clicking on links, especially if the sender is unknown. Cybercriminals often use phishing emails to distribute ransomware. Use email filtering solutions to block suspicious emails.

Educate and Train Employees:
Train your employees on how to recognize phishing attempts and suspicious emails. They should understand the importance of not clicking on unknown links or downloading attachments from unfamiliar sources.

Limit User Privileges:
Restrict user permissions to the minimum necessary for their roles. Users should not have administrative access unless required, as ransomware often gains higher-level access through compromised admin accounts.

September 1, 2023