NoEscape Ransomware Will Render Your Files Unreadable
NoEscape operates as a Ransomware-as-a-Service, catering to other criminals who act as affiliates or customers. The ransomware builder interface allows affiliates to customize various configurations while creating the ransomware executables. Regardless of configuration, the primary objective of NoEscape is to encrypt files.
NoEscape shares similarities with Avaddon ransomware. In our case, NoEscape appends a random string of characters (".CAEGAAHJFA") to filenames and generates a ransom note text file named "HOW_TO_RECOVER_FILES.txt". Additionally, NoEscape carries out a series of commands to delete shadow copies and system backups.
The ransom note informs the victims that their network has been hacked and infected by a group called NoEscape. It explicitly states that all their important files, including company documents and databases, have been encrypted. Furthermore, the note claims that the perpetrators have also obtained the victims' confidential documents, personal data, and sensitive information.
To regain access to their files, the victims are instructed to make a payment in exchange for a specialized recovery tool. According to the note, failure to pay will result in the files remaining encrypted indefinitely and the stolen information being offered for sale on the darknet.
To proceed with the payment, the victims are advised to download and install the TOR browser and access a specific link provided in the note. They must enter their ID and follow the instructions provided.
The note explicitly warns the victims against attempting any modifications or file recovery on their own, emphasizing that only the perpetrators possess the ability to restore the encrypted files.
NoEscape Ransom Note Threatens to Leak Stolen Information
The full text of the NoEscape ransom note reads as follows:
HOW TO RECOVER FILES
WHAT HAPPEND?
Your network has been hacked and infected by NoEscape .CAEGAAHJFA
All your company documents, databases and other important files have been encrypted
Your confidential documents, personal data and sensitive info has been downloaded
WHAT'S NEXT?
You have to pay to get a our special recovery tool for all your files
And avoid publishing all the downloaded info for sale in darknet
WHAT IF I DON'T PAY?
All your files will remain encrypted forever
There is no other way to recover yours files, except for our special recovery tool
All the downloaded info will publishing for sale in darknet
Your colleagues, competitors, lawyers, media and whole world will see it
I WILL TO PAY. WHAT SHOULD I DO?
You need to contact us:
- Download and install TOR browser hxxps://www.torproject.org/
- Open link in TOR browser noescaperjh3gg6oy7rck57fiefyuzmj7kmvojxgvlmwd5pdzizrb7ad.onion
- Enter your personal ID and follow the instructions
Your personal ID:
WHAT GUARANTEES DO WE GIVE?
We are not a politically company and we are not interested in your private affairs
We are a commercial company, and we are only interested in money
We value our reputation and keep our promise
WHAT SHOULD I NOT DO?
! Don't try modify or recover encrypted files at yourself !
! Only we can restore your files, the rest lie to you !
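For triage, the note's line naming the extension can be used to recover the per-victim suffix and list which files were renamed. The Python sketch below is an added example, not code from the original analysis; it assumes the extension quoted in the note is the one appended to files (as in the sample above), and the function names, length range and sample tree are constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

NOTE_NAME = "HOW_TO_RECOVER_FILES.txt"  # note filename reported on the page
# Assumption: the note names the same extension that was appended to files,
# as in the page's sample; the 4-16 letter length range is also assumed.
EXT_IN_NOTE = re.compile(r"infected by NoEscape\s+(\.[A-Z]{4,16})\b")

def extension_from_note(text):
    """Return the per-victim extension quoted in a ransom note, or None."""
    match = EXT_IN_NOTE.search(text)
    return match.group(1) if match else None

def triage(root):
    """Walk root; report notes, the extension, renamed and untouched files."""
    root = Path(root)
    notes, others = [], []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            (notes if name.lower() == NOTE_NAME.lower() else others).append(rel)
    extension = None
    for note in notes:
        try:
            extension = extension_from_note((root / note).read_text(errors="replace"))
        except OSError:
            continue  # unreadable note: try the next copy
        if extension:
            break
    encrypted = sorted(p for p in others if extension and p.endswith(extension))
    return {"notes": sorted(notes), "extension": extension, "encrypted": encrypted,
            "untouched": sorted(set(others) - set(encrypted))}

def demo():
    """Build a constructed sample tree (not real victim data) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / NOTE_NAME).write_text(
            "Your network has been hacked and infected by NoEscape .CAEGAAHJFA\n")
        for rel in ("finance/q1.xlsx.CAEGAAHJFA", "db.bak.CAEGAAHJFA", "readme.md"):
            (root / rel).write_bytes(b"constructed sample")
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Run it against a read-only mount or forensic copy of the affected volume so the scan itself does not alter timestamps on evidence.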
How Can Ransomware Like NoEscape Infect Your Computer?
Ransomware like NoEscape can infect your computer through various means, including:
- Phishing Emails: Attackers often send deceptive emails that appear legitimate, containing infected attachments or malicious links. Clicking on such links or opening infected attachments can trigger the installation of ransomware on your computer.
- Malicious Websites: Visiting compromised or malicious websites can expose your computer to drive-by downloads, where the ransomware is silently downloaded and executed without your knowledge or consent.
- Exploit Kits: Cybercriminals can exploit vulnerabilities in outdated software or operating systems to deliver ransomware onto your computer. This can occur when you visit a compromised website or click on a malicious advertisement.
- Malicious Downloads: Illegitimate software downloads, pirated content, or files obtained from untrustworthy sources can contain hidden ransomware that gets installed when you run the downloaded file.
- Remote Desktop Protocol (RDP) Attacks: If your computer's Remote Desktop Protocol is enabled and accessible over the internet, attackers can exploit weak passwords or security vulnerabilities to gain unauthorized access and deploy ransomware.
- Malvertising: Malicious advertisements displayed on legitimate websites can redirect you to websites hosting ransomware or initiate downloads without your knowledge.
- Network Intrusion: Ransomware can spread through local networks, targeting vulnerable devices connected to the same network as an infected computer. This can occur when weaknesses such as weak passwords or unpatched vulnerabilities are left unaddressed.