Mono Ransomware Will Hold Your System Hostage


During the analysis of new malware samples, our team came across a new ransomware variant named Mono, which belongs to the Dharma family. This malware encrypts data, alters file names, and presents victims with a ransom note. Mono displays a pop-up window and generates an "info.txt" file. To each original file name, Mono appends the victim's ID, the email address bakutomono@tuta.io, and the ".mono" extension.

For instance, if a file was named "1.jpg," Mono would transform it into "1.jpg.id-1E857D00.[bakutomono@tuta.io].mono," and similarly, "2.png" would become "2.png.id-1E857D00.[bakutomono@tuta.io].mono," and so on.
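The renaming scheme described above lends itself to triage of an affected machine. The following is an added example, not code from the original article: it parses file names that follow the pattern and summarizes a file listing by victim ID, contact address and original extension. The function names, the sample paths, and the assumption that the victim ID is always eight hex characters (as in the article's example) are illustrative.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath
from typing import NamedTuple, Optional

# Pattern from the article: <original name>.id-<victim ID>.[<contact email>].mono
# Assumption: the victim ID is 8 hex characters, as in the article's example.
MONO_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]\.mono$",
    re.IGNORECASE,
)

class MonoName(NamedTuple):
    original: str
    victim_id: str
    email: str

def parse_mono_name(path: str) -> Optional[MonoName]:
    """Return the parts of a Mono-renamed file name, or None if it does not match."""
    name = PureWindowsPath(path).name  # handles Windows paths on any OS
    m = MONO_RE.match(name)
    if not m:
        return None
    return MonoName(m["original"], m["victim_id"].upper(), m["email"].lower())

def summarize(paths):
    """Count affected files per victim ID, contact address and original extension."""
    ids, emails, exts, info_files = Counter(), Counter(), Counter(), []
    for p in paths:
        if PureWindowsPath(p).name.lower() == "info.txt":
            info_files.append(p)  # the file the article says Mono generates
            continue
        hit = parse_mono_name(p)
        if hit:
            ids[hit.victim_id] += 1
            emails[hit.email] += 1
            exts[PureWindowsPath(hit.original).suffix.lower()] += 1
    return {"ids": dict(ids), "emails": dict(emails),
            "extensions": dict(exts), "info_files": info_files}

# Constructed sample listing (file names follow the article's examples).
SAMPLE = [
    r"C:\Users\alice\Pictures\1.jpg.id-1E857D00.[bakutomono@tuta.io].mono",
    r"C:\Users\alice\Pictures\2.png.id-1E857D00.[bakutomono@tuta.io].mono",
    r"C:\Users\alice\Documents\report.mono",  # unrelated file, must not match
    r"C:\Users\alice\Desktop\info.txt",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A file named "info.txt" is not proof of infection on its own; treat it as a lead to check alongside renamed files that match the pattern.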

The ransom note informs victims that their files have been encrypted. It includes detailed instructions on how to recover the encrypted data by getting in touch with the provided email addresses (bakutomono@tuta.io and kabukimono@msgsafe.io). Additionally, the note invites victims to send a few minor files for free decryption, serving as a guarantee of sorts.

To prevent any potential data loss or increased expenses, the note strongly advises against renaming the encrypted files or trying to decrypt them using unauthorized software. It concludes with a stern warning about the dangers associated with seeking decryption assistance from third-party sources.

Mono Ransom Note Offers Decryption of Three Files

The full text of the Mono ransom note reads as follows:

All your files have been encrypted!
Don't worry, you can return all your files!
If you want to restore them, write to the mail: bakutomono@tuta.io YOUR ID 1E857D00
If you have not answered by mail within 12 hours, write to us by another mail:kabukimono@msgsafe.io
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 3Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins

Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

How Can Ransomware Like Mono Infect Your Computer?

Ransomware, including the Mono variant, can infect your computer through various methods. Here are some common ways ransomware can infiltrate your system:

  • Malicious Email Attachments: Cybercriminals often use phishing emails to distribute ransomware. They send deceptive emails pretending to be from legitimate sources, such as trusted organizations or contacts. These emails may contain infected attachments, such as documents or ZIP files, which, when opened, execute the ransomware.
  • Malicious Links: Ransomware can also be delivered through malicious links embedded in emails, instant messages, or social media posts. Clicking on these links can lead you to infected websites or trigger automatic downloads of ransomware onto your computer.
  • Exploit Kits: Exploit kits are malicious software packages that take advantage of vulnerabilities in outdated software or browsers. When you visit a compromised website, the exploit kit scans your system for vulnerabilities and injects ransomware if it finds any security weaknesses.
  • Malvertising: Attackers can use malicious advertisements (malvertisements) that appear on legitimate websites to deliver ransomware. These ads may contain hidden code that redirects you to infected websites or initiates downloads without your knowledge.
  • Remote Desktop Protocol (RDP) Attacks: If Remote Desktop Protocol is enabled on your computer and poorly secured, attackers can exploit weak or stolen credentials to gain unauthorized access. Once inside, they can deploy ransomware directly onto your system.
June 9, 2023