LEAKDB Ransomware is a Phobos Clone

While examining new file samples, our research team identified another ransomware variant belonging to the Phobos family, named LEAKDB. Malware falling under this classification encrypts data and demands payment for its subsequent decryption.

On our test system, LEAKDB encrypted files and renamed them. Each original file name was extended with a distinctive ID assigned to the victim, the cybercriminals' email address, and a ".LEAKDB" extension. For instance, a file originally named "1.jpg" became "1.jpg.id[9ECFA84E-3143].[pcsupport@skiff.com].LEAKDB".

Following the completion of the encryption process, ransom notes were generated in the form of a pop-up window ("info.hta") and a text file ("info.txt"), both of which were deposited in every encrypted directory and on the desktop. The content of these messages indicates that LEAKDB is primarily geared towards targeting companies rather than individual home users.
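To make the Phobos-style naming scheme above concrete, here is an added Python example (not from Cyclonis or the page) that parses such file names and groups per-directory evidence, namely renamed files plus the info.txt/info.hta note drops, from a constructed file listing; the directory paths are assumed.

```python
import re
from pathlib import PureWindowsPath
from collections import defaultdict

# Phobos-family naming scheme: <original name>.id[<victim id>].[<email>].<ext>
# The page's victim ID is 8 hex digits, a hyphen, 4 hex digits; other Phobos
# builds vary slightly, so the ID group is kept permissive (hex and hyphens).
PHOBOS_NAME = re.compile(
    r"^(?P<original>.+?)\.id\[(?P<victim_id>[0-9A-Fa-f-]+)\]"
    r"\.\[(?P<email>[^\]]+@[^\]]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)
RANSOM_NOTES = {"info.hta", "info.txt"}  # note file names named on the page

def parse_phobos_name(filename):
    """Return the components of a Phobos-style name, or None if it does not match."""
    m = PHOBOS_NAME.match(filename)
    return m.groupdict() if m else None

def scan_paths(paths):
    """Group evidence per directory: renamed (encrypted) files and ransom-note drops."""
    report = defaultdict(lambda: {"encrypted": [], "notes": [], "extensions": set(), "emails": set()})
    for p in paths:
        path = PureWindowsPath(p)
        entry = report[str(path.parent)]
        name = path.name
        if name.lower() in RANSOM_NOTES:
            entry["notes"].append(name)
            continue
        parsed = parse_phobos_name(name)
        if parsed:
            entry["encrypted"].append(parsed["original"])
            entry["extensions"].add(parsed["ext"].upper())
            entry["emails"].add(parsed["email"].lower())
    # Keep only directories that show at least one kind of evidence.
    return {d: v for d, v in report.items() if v["encrypted"] or v["notes"]}

# Constructed sample listing (assumed paths), modelled on the page's "1.jpg" example.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\1.jpg.id[9ECFA84E-3143].[pcsupport@skiff.com].LEAKDB",
    r"C:\Users\alice\Documents\report.docx.id[9ECFA84E-3143].[pcsupport@skiff.com].LEAKDB",
    r"C:\Users\alice\Documents\info.txt",
    r"C:\Users\alice\Documents\info.hta",
    r"C:\Users\alice\Desktop\info.txt",
    r"C:\Users\alice\Pictures\holiday.png",
]

if __name__ == "__main__":
    for directory, evidence in scan_paths(SAMPLE_LISTING).items():
        print(directory, evidence)
```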

The ransom messages inform the victim that their files have been both encrypted and downloaded. The notes explicitly advise against using online decryption tools or seeking help from third parties, citing the risk of permanent data loss.

The victim is provided with a two-day window to establish contact with the attackers, implying that payment is expected. The messages elaborate on the potential threats associated with the leakage of company data, underscoring the consequences if the victim fails to comply with the cybercriminals' demands.

LEAKDB Uses Lengthy Phobos-Style Ransom Note

The complete text of the LEAKDB ransom note reads as follows:

Your data is encrypted and downloaded!

Unlocking your data is possible only with our software.
Important! An attempt to decrypt it yourself or decrypt it with third-party software will result in the loss of your data forever.
Contacting intermediary companies, recovery companies will create the risk of losing your data forever or being deceived by these companies. Being deceived is your responsibility! Learn the experience on the forums.

Downloaded data of your company
Data leakage is a serious violation of the law. Don't worry, the incident will remain a secret, the data is protected.
After the transaction is completed, all data downloaded from you will be deleted from our resources. Government agencies, competitors, contractors and local media not aware of the incident.
Also, we guarantee that your company's personal data will not be sold on DArkWeb resources and will not be used to attack your company, employees and counterparties in the future.
If you have not contacted within 2 days from the moment of the incident, we will consider the transaction not completed. Your data will be sent to all interested parties. This is your responsibility.

Contact us
Write us to the e-mail: pcsupport@skiff.com
In case of no answer in 24 hours write us to this e-mail: pctalk01@tutanota.com
Write this ID in the title of your message -
If you have not contacted within 2 days from the moment of the incident, we will consider the transaction not completed. Your data will be sent to all interested parties. This is your responsibility.

Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

How Can You Guard Against Ransomware Attacks?

Guarding against ransomware attacks requires a multifaceted and proactive approach. Here are key strategies to help protect your systems and data:

Back Up Regularly:
Frequently back up your important data to an external device or secure cloud storage. Ensure that backups are automated and regularly tested to verify their integrity.

Update Software:
Keep your operating system, software, and security programs up to date. Regularly apply patches and updates to address vulnerabilities that could be exploited by ransomware.

Use Security Software:
Employ reputable antivirus and anti-malware software. Keep it updated to detect and block potential ransomware threats.

Educate and Train Users:
Educate employees and users about phishing emails, malicious attachments, and the dangers of clicking on suspicious links. Conduct regular training sessions to enhance awareness of cybersecurity best practices.

Email Security:
Implement email filtering solutions to identify and block phishing emails. Encourage users to scrutinize emails carefully before clicking on links or downloading attachments.

Network Security:
Utilize firewalls and intrusion detection/prevention systems to monitor and control network traffic. Regularly review and update security configurations.

November 30, 2023