LIVE TEAM Ransomware Locks Encrypted Files

While analyzing new malware samples, our team identified a ransomware variant named LIVE TEAM. Similar to typical ransomware, LIVE TEAM encrypts files, alters filenames by appending the ".LIVE" extension, and delivers a ransom note in the form of a "FILE RECOVERY_ID_[victim's_ID].txt" file.

To illustrate, a file originally named "1.jpg" becomes "1.jpg.LIVE", "2.png" becomes "2.png.LIVE", and so forth. The ransom note notifies the victim that their files are encrypted and inaccessible. It suggests that the attacker has secured a backup of the victim's data and issues a threat to publicize it unless the situation is resolved within seven days.

The note cautions against attempting to independently modify or restore the files, asserting that such actions will lead to their destruction. As a demonstration of the attacker's capability to restore the data, the note offers a complimentary test decryption for files under 3MB in size.

To commence the file recovery process, the victim is directed to contact the extortionist via email, providing the document's filename along with a unique recovery ID. The attacker pledges to disclose the ransom amount and furnish the decryption tool upon payment.

Contact details are provided through email addresses locked@onionmail.org and liveteam@onionmail.org. An implicit threat is included, warning that refusal to pay will result in persistent attacks and the exposure of sensitive data on the internet.
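The indicators described above (the appended ".LIVE" extension, the "FILE RECOVERY_ID_[victim's_ID].txt" note name, and the two contact addresses) are enough for a read-only triage sweep of a file share or disk image. The following is an added example, not code from the original analysis; the function names and report layout are hypothetical, and the format of the victim ID is not given on the page, so any non-empty string is accepted.

```python
import os
import re
from pathlib import Path

# Indicators taken from the article. Matching is case-insensitive because
# Windows file systems do not distinguish ".LIVE" from ".live".
ENCRYPTED_SUFFIX = ".live"
# Assumption: the victim ID may be any non-empty string (format not documented).
NOTE_NAME = re.compile(r"^FILE RECOVERY_ID_(?P<victim_id>.+)\.txt$", re.IGNORECASE)
CONTACTS = ("locked@onionmail.org", "liveteam@onionmail.org")


def scan_tree(root):
    """Walk `root` and collect LIVE TEAM indicators without modifying any file."""
    report = {"encrypted": [], "notes": [], "victim_ids": set(), "unverified_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            match = NOTE_NAME.match(name)
            if match:
                # Confirm by content so an unrelated file with a matching name
                # is reported separately instead of being counted as a note.
                try:
                    text = path.read_text(encoding="utf-8", errors="replace").lower()
                except OSError:
                    text = ""
                if any(addr in text for addr in CONTACTS):
                    report["notes"].append(str(path))
                    report["victim_ids"].add(match.group("victim_id"))
                else:
                    report["unverified_notes"].append(str(path))
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                # e.g. "1.jpg.LIVE": original name plus the appended extension.
                report["encrypted"].append(str(path))
    return report


def triage(report):
    """Classify a scan result: both indicators present, one of them, or none."""
    if report["notes"] and report["encrypted"]:
        return "confirmed"
    if report["notes"] or report["encrypted"]:
        return "suspected"
    return "clean"
```

A "suspected" result on extension alone deserves a manual look, since ".live" is not unique to this family; more than one value in `victim_ids` on a single host is also worth noting in the incident record.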

LIVE TEAM Ransom Note Offers Decryption of a Single File

The full text of the ransom note produced by LIVE TEAM reads as follows:

Hello

Your file has been encrypted and cannot be used
When you see this letter, your privacy data has been backed up by us. If you do not handle it, we will publish your privacy data after the 7th.

Don't try to change or restore the file yourself, which will destroy them
If necessary, you can decrypt a test file for free. Free test decryption is only available for files less than 3MB in size.

To restore files, you need a decryption tool. Please contact us by email.
Please add the file name of this document to the email and send it to me.
FILE RECOVERY_ID -
I will tell you the amount you need to pay. After the payment is completed, we will make the decryption tool and send it to you.

Customer service mailbox:
locked@onionmail.org
Spare mailbox: (use this mailbox after no reply in 24 hours)
liveteam@onionmail.org

You can also contact us through intermediary agencies (such as data recovery companies)

If you refuse to pay, you will be attacked constantly. Your privacy -sensitive data will also be announced on Internet.

We are a team that pays attention to credibility, so you can pay safely and restore data.

LIVE TEAM

How Can Ransomware Infect Your Computer?

Ransomware can infect your computer through various means, and attackers often employ sophisticated techniques to exploit vulnerabilities. Here are some common ways in which ransomware can infect your computer:

Phishing Emails: One of the most prevalent methods is through phishing emails. Cybercriminals send emails with malicious attachments or links that, when clicked, download and execute the ransomware on the victim's computer. The emails may appear legitimate and often contain urgent or enticing messages to prompt users to take immediate action.

Malicious Websites: Visiting compromised or malicious websites can lead to drive-by downloads. In such cases, malware is automatically downloaded and executed on the user's computer without their knowledge or consent. These websites may exploit vulnerabilities in browsers or plugins.

Malvertising: Malvertising involves the use of malicious advertisements on legitimate websites. Clicking on these ads can redirect users to websites that host ransomware or initiate automatic downloads.

Exploit Kits: Exploit kits target vulnerabilities in software and operating systems. If a user's system is not updated with the latest security patches, exploit kits can exploit these vulnerabilities to deliver and execute ransomware.

Social Engineering: Cybercriminals use social engineering tactics to trick users into downloading and executing malicious files. This can include fake software updates, deceptive messages, or enticing offers that lead to the installation of ransomware.

January 5, 2024