Protect (MedusaLocker) Ransomware Seeks to Encrypt Company Data


During our examination of recent file submissions, our team identified a ransomware variant known as Protect, which belongs to the MedusaLocker ransomware family. As with other ransomware types, the primary objective of Protect is to encrypt data and demand a ransom for its decryption.

To investigate the behavior of Protect, we executed a sample on our test machine, which resulted in the encryption of files. The ransomware appended a ".protect3" extension to the original filenames. For instance, a file named "1.jpg" was renamed to "1.jpg.protect3", while "2.png" became "2.png.protect3", and so on. The numerical value within the extension may vary depending on the specific variant of the ransomware.

Upon completing the encryption process, Protect generated a ransom note titled "How_to_back_files.html". The contents of the note indicate that the Protect (MedusaLocker) ransomware specifically targets companies rather than individual home users.

The ransom note conveys to the victim that their company network has been compromised, and all critical files have been encrypted using RSA and AES cryptographic algorithms. It explicitly warns against renaming, modifying, or attempting to decrypt the locked data, as such actions would render it permanently inaccessible. The note emphasizes that only the attackers possess the capability to restore the affected files.

Furthermore, the ransom note declares that confidential and personal information has been extracted from the compromised network. The victim is directed to contact the cybercriminals within a 72-hour timeframe and instructed to submit 2 to 3 non-essential files as a means of testing the decryption process. According to the note, failure to comply with the ransom demands will result in the perpetrators leaking the stolen data online.
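The file-system indicators described above can be turned into a quick triage scan for file shares and backups. The following is an added example, not code from the original analysis: it walks a directory tree, flags files whose names end in ".protect" followed by any number (covering the variant numbering mentioned above), and confirms a "How_to_back_files.html" file by checking for two phrases quoted from the note. The function names and the sample tree built in demo() are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators taken from the article: ".protect<N>" suffix and the note filename.
ENCRYPTED_RE = re.compile(r"^(?P<original>.+)\.protect(?P<variant>\d+)$", re.IGNORECASE)
NOTE_NAME = "how_to_back_files.html"
# Phrases quoted from the note text; used to confirm a file that is named like the note.
NOTE_MARKERS = ("YOUR COMPANY NETWORK HAS BEEN PENETRATED", "(RSA+AES)")

def classify_note(path, max_bytes=65536):
    """Return 'confirmed' if the file carries the quoted phrases, else 'name-only'."""
    try:
        with open(path, "rb") as handle:
            text = handle.read(max_bytes).decode("utf-8", errors="replace").upper()
    except OSError:
        return "unreadable"
    return "confirmed" if all(marker in text for marker in NOTE_MARKERS) else "name-only"

def scan_tree(root):
    """Walk root and return per-directory findings for the Protect indicators."""
    findings = defaultdict(lambda: {"encrypted": [], "variants": set(), "note": None})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            match = ENCRYPTED_RE.match(name)
            if match:
                entry = findings[dirpath]
                entry["encrypted"].append(match.group("original"))  # pre-encryption name
                entry["variants"].add(int(match.group("variant")))
            elif name.lower() == NOTE_NAME:
                findings[dirpath]["note"] = classify_note(os.path.join(dirpath, name))
    return dict(findings)

def demo():
    """Build a constructed sample tree of placeholder files and scan it."""
    with tempfile.TemporaryDirectory() as root:
        share = os.path.join(root, "share")
        os.makedirs(share)
        for name in ("1.jpg.protect3", "2.png.protect7", "notes.protect", "report.docx"):
            open(os.path.join(share, name), "w").close()
        with open(os.path.join(share, "How_to_back_files.html"), "w") as note:
            note.write("<p>YOUR COMPANY NETWORK HAS BEEN PENETRATED</p> (RSA+AES)")
        return {os.path.relpath(d, root): v for d, v in scan_tree(root).items()}

if __name__ == "__main__":
    for directory, info in demo().items():
        print(directory, sorted(info["encrypted"]), sorted(info["variants"]), info["note"])
```

A directory that reports a "name-only" note and no encrypted files is more likely a coincidental filename than an infection; a "confirmed" note alongside renamed files is the pattern the sample produced.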

Protect Ransom Note Promises Decryption of Two Files

The full text of the Protect ransom note reads as follows:

YOUR PERSONAL ID:

YOUR COMPANY NETWORK HAS BEEN PENETRATED
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

email:
ithelp01@securitymy.name
ithelp01@yousheltered.com

  • To contact us, create a new free email account on the site: protonmail.com
    IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
  • Tor-chat to always be in touch:

How Can You Protect Your Valuable Data from Ransomware?

Protecting your valuable data from ransomware requires a proactive and multi-layered approach. Here are several steps you can take to enhance your defenses against ransomware attacks:

  • Backup Your Data: Regularly back up your important files and data to an external device or cloud storage. Ensure the backups are offline or stored on a separate network to prevent them from being compromised in an attack. Verify the integrity of your backups and test the restoration process to ensure their effectiveness.
  • Keep Software Updated: Keep your operating system, applications, and security software up to date. Enable automatic updates whenever possible to ensure you have the latest patches and security fixes, as they often address vulnerabilities that ransomware can exploit.
  • Use Robust Security Software: Install reputable antivirus and anti-malware software on all your devices. Enable real-time scanning and automatic updates to detect and block ransomware threats. Consider using software that offers behavior-based detection to identify suspicious activities.
  • Exercise Caution with Email and Downloads: Be cautious when opening email attachments or clicking on links, especially from unknown senders or suspicious emails. Avoid downloading files from untrusted sources or visiting risky websites that may host malicious content. Implement email filtering and web filtering solutions to block known malicious attachments and URLs.
  • Enable Firewall and Intrusion Detection Systems: Enable firewalls on your network and devices to filter out malicious network traffic. Additionally, consider implementing intrusion detection and prevention systems (IDPS) to monitor and block unauthorized access attempts.
  • Disable Macros and Active Content: Disable macros in office productivity software such as Microsoft Office unless they are required for your work. Be cautious when enabling active content, such as macros or JavaScript, in documents or websites, as they can be used to deliver ransomware payloads.
  • Use Strong, Unique Passwords: Implement strong, unique passwords for all your accounts, including your operating system, applications, and online services. Consider using a password manager to securely store and generate complex passwords.
July 7, 2023