Ert Ransomware Comes With Russian Ransom Note

Ert is a malicious software from the Xorist ransomware lineage, designed to encrypt data and demand payment for decryption.

When we ran a sample of Ert on our testing environment, it encrypted files and appended a ".ert" extension to their filenames. For instance, a file originally named "1.jpg" became "1.jpg.ert," and "2.png" became "2.png.ert," and so on.

Subsequently, the ransomware generated identical ransom notes in both a pop-up window and a text file named "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt." It's important to note that on systems lacking the Cyrillic alphabet, the text in the pop-up window may appear as random characters.

The message from Ert notifies the victim about the encryption of their files, with recovery dependent on decryption keys held by the attackers. The note instructs victims to email the cybercriminals. Failure to establish contact by the specified date will result in the deletion of decryption keys, rendering the files unrecoverable. The message also mentions the attackers' intention to restore the data using remote access software like AnyDesk.

Ert Ransom Note in Full

The Russian text of the Ert ransom note reads as follows:

Ваши файлы были зашифрованны. Для того что бы расшифровать свои файлы, Вам необходимо написать нам, на адрес почты, который указан ниже.

andrey09313@mail.ru

Ждем ответа сегодня до DD.MM.2024, 12:00 дня по мск!!!, если не получим ответа, удаляем ключи расшифровки Ваших файлов.

Расшифровка файлов производиться нашим специалистом через AnyDesk или RDP

Укажите в письме цифру 1

How Can You Protect Your Data Against Ransomware Similar to Ert?

Protecting your data against ransomware, such as Ert, requires a combination of proactive measures and robust security practices. Here are some strategies to help safeguard your data:

Backup Your Data: Regularly back up your files to an external hard drive, cloud storage service, or both. Ensure that backups are performed automatically and are stored securely offline to prevent ransomware from encrypting them.

Keep Software Updated: Maintain up-to-date operating systems, antivirus software, and security patches on all devices. Vulnerabilities in outdated software can be exploited by ransomware and other malware.

Use Antivirus and Anti-Malware Software: Install reputable antivirus and anti-malware software on your devices and keep them updated. These programs can detect and prevent ransomware infections before they can encrypt your files.

Enable Firewall Protection: Activate firewalls on your devices and networks to block unauthorized access and prevent malware, including ransomware, from infiltrating your systems.

Exercise Caution with Email Attachments and Links: Be cautious when opening email attachments or clicking on links, especially from unknown or suspicious senders. Ransomware often spreads through phishing emails containing malicious attachments or links.

Implement Security Awareness Training: Educate yourself and your employees about the dangers of ransomware and how to recognize phishing attempts. Train them to avoid clicking on suspicious links, downloading unknown attachments, or providing sensitive information to unknown sources.

Enable Email Filtering: Use email filtering solutions to block spam, phishing emails, and emails containing malicious attachments. This can help prevent ransomware from infiltrating your systems through email-based attacks.