Ithh Ransomware Uses Djvu Codebase
While examining new malware samples, we stumbled upon a ransomware variant known as Ithh. This ransomware is responsible for encrypting files and adjusting their file names by affixing the ".ithh" extension. Additionally, Ithh generates a ransom note contained within a file named "_readme.txt."
Ithh's method of renaming files follows a specific pattern. For instance, it transforms "1.jpg" into "1.jpg.ithh" and "2.png" into "2.png.ithh," and so on. It's essential to mention that Ithh belongs to the Djvu ransomware family, and malicious actors may distribute it alongside data-stealing malware like RedLine or Vidar.
The ransom note provides victims with reassurance that their files can be recovered. It explains that their critical files, including images, databases, and documents, have been encrypted using a robust technique. The only way to regain access to these files is by obtaining a decryption tool and the associated unique key.
The note specifies the price of the private key and decryption software at $980. It emphasizes a 50% discount for victims who contact the cybercriminals within the initial 72 hours, lowering the price to $490. Victims are instructed to reach out to the cybercriminals via email using the addresses support@freshmail.top or datarestorehelp@airmail.cc.
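The indicators described above (the appended ".ithh" extension, the "_readme.txt" note and the two contact addresses) are enough for a quick triage of which folders were hit. The script below is an added example, not part of the original article; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article text.
EXTENSION = ".ithh"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("support@freshmail.top", "datarestorehelp@airmail.cc")


def triage(root):
    """Walk root and report Ithh artefacts for each directory with a hit.

    Returns {dir: {"encrypted": [(current, original)], "note": bool,
    "note_matches": bool}}.
    """
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"encrypted": [], "note": False, "note_matches": False}
        for name in files:
            lower = name.lower()
            if lower.endswith(EXTENSION) and len(name) > len(EXTENSION):
                # The extension is appended, so stripping it gives the original name.
                entry["encrypted"].append((name, name[: -len(EXTENSION)]))
            elif lower == NOTE_NAME:
                entry["note"] = True
                # A file named _readme.txt is not proof on its own: check its content.
                text = Path(dirpath, name).read_text(errors="replace").lower()
                entry["note_matches"] = any(m in text for m in NOTE_MARKERS)
        if entry["encrypted"] or entry["note"]:
            entry["encrypted"].sort()
            report[dirpath] = entry
    return report


def build_sample_tree(base):
    """Constructed sample data: one affected folder, one with an unrelated readme."""
    hit, clean = Path(base, "photos"), Path(base, "clean")
    hit.mkdir()
    clean.mkdir()
    for name in ("1.jpg.ithh", "2.png.ithh"):
        (hit / name).write_bytes(b"\x00" * 16)
    (hit / NOTE_NAME).write_text("write on our e-mail:\nsupport@freshmail.top\n")
    (clean / NOTE_NAME).write_text("project readme, unrelated")
    return str(hit), str(clean)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, info in triage(tmp).items():
            print(folder, info)
```

A folder where `note` is true but `note_matches` is false holds an unrelated "_readme.txt" and should not be counted as affected on that basis alone.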
Ithh Ransom Note Provides Two Contact Emails
The complete text of the Ithh ransom note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-cGZhpvUKxk
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
support@freshmail.top
Reserve e-mail address to contact us:
datarestorehelp@airmail.cc
Your personal ID:
How Can You Protect Your System and Data from Ransomware?
Protecting your system and data from ransomware requires a multi-layered approach that includes both preventive measures and preparedness. Here are some key steps to safeguard your system and data from ransomware attacks:
Regularly Backup Your Data:
Back up your important files and data regularly to an external device or a secure cloud storage service. Ensure that backups are automated, and the data is stored offline or in a location not directly accessible from your computer.
Keep Software and Operating Systems Updated:
Regularly update your operating system, software applications, and antivirus programs. Cybercriminals often target known vulnerabilities, and updates often include security patches to address these vulnerabilities.
Use Strong, Unique Passwords:
Use strong, unique passwords for your accounts and change them regularly. Consider using a password manager to keep track of your passwords securely.
Enable Two-Factor Authentication (2FA):
Enable 2FA whenever possible for your online accounts. This adds an extra layer of security by requiring a second form of verification in addition to your password.
Educate Yourself and Your Team:
Provide cybersecurity training to yourself and your team (if applicable) to recognize phishing emails, suspicious links, and other common tactics used by ransomware attackers.
Install and Maintain Antivirus Software:
Use reputable antivirus and anti-malware software to detect and prevent ransomware. Keep the software up to date and run regular scans.








