Farao Ransomware Contains Ransom Note in Portuguese

During our examination of new ransomware samples, our research team came across the Farao ransomware, which appears to be derived from the Chaos ransomware. This malicious software encrypts files and then demands payment for their decryption.

In our analysis, Farao was observed encrypting files on our testing system and adding a four-character extension to their filenames. For instance, a file named "1.jpg" would become "1.jpg.qigb", and "2.png" would become "2.png.0wbb", and so forth. Following the completion of the encryption process, a ransom note named "LEIA-ME.txt" was generated.
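A triage check built on the two artifacts described above, the "LEIA-ME.txt" note and the appended four-character extension, is shown here as an added example; it is not code from the original analysis. The function names, the list of user-data extensions, and the assumption that the appended extension uses only lowercase letters and digits (inferred from ".qigb" and ".0wbb") are illustrative.

```python
import os
import re
import tempfile
from collections import defaultdict

RANSOM_NOTE = "LEIA-ME.txt"  # note file name reported in the article
# Assumption: the appended extension is four lowercase letters/digits,
# inferred from the article's two examples (".qigb", ".0wbb").
APPENDED_EXT = re.compile(r"^(?P<orig>.+\.(?P<ext>[A-Za-z0-9]{2,5}))\.[a-z0-9]{4}$")
# Assumption: illustrative set of user-data extensions; extend as needed.
USER_DATA_EXTS = {"jpg", "jpeg", "png", "pdf", "doc", "docx", "xls", "xlsx", "txt"}


def scan_tree(root):
    """Return {directory: {"note": bool, "renamed": [(current, original)]}}."""
    hits = defaultdict(lambda: {"note": False, "renamed": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == RANSOM_NOTE.lower():
                hits[dirpath]["note"] = True
                continue
            m = APPENDED_EXT.match(name)
            # Only count names whose inner extension is a known data type,
            # so "notes.v2.docx" or "archive.tar.gz" are not flagged.
            if m and m.group("ext").lower() in USER_DATA_EXTS:
                hits[dirpath]["renamed"].append((name, m.group("orig")))
    return dict(hits)


def suspicious_dirs(hits, min_renamed=2):
    """Directories holding the note together with several renamed files."""
    return sorted(d for d, h in hits.items() if h["note"] and len(h["renamed"]) >= min_renamed)


def build_sample(root):
    """Constructed sample tree: one affected folder, one clean folder."""
    layout = {
        "affected": ["1.jpg.qigb", "2.png.0wbb", "LEIA-ME.txt"],
        "clean": ["report.pdf", "archive.tar.gz", "photo.jpg", "notes.v2.docx"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print("possible Farao activity:", suspicious_dirs(scan_tree(tmp)))
```

Requiring both the note and several renamed files in the same directory keeps ordinary double-extension names from triggering the check on their own.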

The ransom note, roughly translated from Portuguese, informs the victim that their files have been encrypted and taken hostage. It sets a 48-hour deadline for the victim to make a ransom payment, warning of permanent data loss if the deadline is not met. The demanded ransom is 250 BRL (Brazilian real), payable in Bitcoin.

Farao Ransom Note in Full

The complete text of the brief ransom note generated by Farao reads as follows:

{TODOS OS SEUS ARQUIVOS FORAM CRIPTOGRAFADOS E ROUBADOS}

{VOCE TEM 48 HORAS PRA EFETUAR O VALOR DE 250 REAIS EM CRYPTOMOEDA
ENDERECO DA CARTEIRA ABAIXO}DA REDE BITCOIN 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV}

LEMBRANDO QUE OU VOCE PAGA, OU PERDERA TODOS OS SEUS DADDOS E ARQUIVOS, CASO FORMATE SEU COMPUTADOR, SEU SISTEMA OPERACIONAL SERA CORROMPIDO E SEU COMPUTADOR FICARA INULTILIZAVEL

PAGAMENTO EXPIRA EM 48 HORAS

DA REDE BITCOIN 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV}

TELEGRAM CONTATO; @Faraorasoware EVIAR COMPROVANTE PARA ESSE TELEGRAM

How Can Ransomware Like Farao Infect Your Computer?

Ransomware like Farao can infect your computer through various means, including:

Phishing Emails: One common method is through phishing emails containing malicious attachments or links. These emails often impersonate legitimate entities or services, tricking users into downloading and executing the ransomware unknowingly.

Malicious Websites: Visiting compromised or malicious websites can expose your computer to ransomware. These websites may contain exploit kits that can silently download and install ransomware onto your system without your knowledge.

Exploiting Vulnerabilities: Ransomware can exploit vulnerabilities in software or operating systems to gain unauthorized access to your computer. It's essential to keep your software and operating system up to date with the latest security patches to mitigate the risk of exploitation.

Drive-by Downloads: Ransomware can be downloaded onto your computer without your consent while visiting legitimate websites that have been compromised. This is known as a drive-by download, where malicious scripts or code are injected into the website to initiate the download and installation of ransomware.

Malicious Advertisements (Malvertising): Malicious advertisements, also known as malvertising, can redirect users to websites hosting ransomware or initiate downloads of ransomware onto their systems when clicked.

Removable Storage Devices: Ransomware can spread through infected USB drives, external hard drives, or other removable storage devices. Plugging an infected device into your computer can result in the ransomware spreading to your system.

Exploiting Remote Desktop Protocol (RDP): Ransomware attackers can exploit weak or default passwords on Remote Desktop Protocol (RDP) connections to gain unauthorized access to computers and deploy ransomware.

To protect your computer from ransomware infections, it's crucial to implement robust cybersecurity measures, including installing reputable antivirus software, regularly backing up your data, being cautious when opening email attachments or clicking on links, keeping your software up to date, and using strong, unique passwords for all accounts.

April 5, 2024