ReadText Ransomware Will Encrypt Your Drives

Our research team came across the ReadText ransomware during our examination of new submissions. This malicious software belongs to the MedusaLocker ransomware family.

ReadText functions in a manner typical of ransomware. It encrypted the files on our test machine, adding a ".readtext4" extension to the original filenames. The specific number used in the file extension may vary depending on the variant of the ransomware. For instance, a file originally named "1.jpg" would be transformed into "1.jpg.readtext4", and "2.png" into "2.png.readtext4", and so on.

Subsequently, it deposited a ransom message named "How_to_back_files.html". From this message, it is evident that ReadText targets businesses and employs double-extortion tactics.
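The two file-system indicators described above (the appended ".readtext" extension with a variant number and the ransom note file name) can be checked against a file listing during triage. The following is an added example, not part of the original article; the function names and the sample paths are constructed for illustration.

```python
import os
import re
from collections import defaultdict

# Indicators taken from the article: an appended ".readtext<N>" extension
# (the number varies by variant) and the ransom note file name.
ENCRYPTED_RE = re.compile(r"^(?P<original>.+)\.readtext(?P<variant>\d+)$", re.IGNORECASE)
RANSOM_NOTE = "how_to_back_files.html"


def classify(path):
    """Return ("note", None, None), ("encrypted", original_name, variant) or None."""
    # Accept both Windows and POSIX separators so exported listings parse anywhere.
    name = re.split(r"[\\/]", path)[-1]
    if name.lower() == RANSOM_NOTE:
        return ("note", None, None)
    m = ENCRYPTED_RE.match(name)
    if m:
        return ("encrypted", m.group("original"), int(m.group("variant")))
    return None


def triage(paths):
    """Summarise a listing: ransom notes found and renamed files per variant number."""
    report = {"notes": [], "encrypted": defaultdict(list)}
    for p in paths:
        hit = classify(p)
        if hit and hit[0] == "note":
            report["notes"].append(p)
        elif hit:
            report["encrypted"][hit[2]].append((p, hit[1]))
    return report


def walk(root):
    """Yield every file path under root, for use as triage(walk(root))."""
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            yield os.path.join(dirpath, f)


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Pictures\1.jpg.readtext4",
    r"C:\Users\alice\Pictures\2.png.readtext4",
    r"C:\Users\alice\Pictures\How_to_back_files.html",
    r"D:\share\budget.xlsx.READTEXT7",
    r"D:\share\notes.readtext.txt",
]
```

Grouping hits by variant number and recording the original file name gives a quick count of affected files per share, and the note locations show which directories the ransomware touched.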

The note associated with the ReadText ransomware states that the victim's corporate network has been compromised. Critical files have been encrypted, and sensitive or personal data has been pilfered.

The message advises against altering the filenames of the encrypted files or attempting recovery using third-party decryption tools, as such actions would render the data irretrievable.

The victim is informed of the necessity to pay a ransom. Failure to comply will result in the exfiltrated data either being leaked or sold. Additionally, delaying contact for over 72 hours will escalate the ransom amount. Prior to making the payment, the victim has the option to test the decryption process by sending the attackers two to three encrypted files.

ReadText Ransom Note Threatens Data Leaks

The full text of the ReadText ransom note reads as follows:

YOUR PERSONAL ID:

YOUR COMPANY NETWORK HAS BEEN PENETRATED
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

email:
ithelp15@securitymy.name
ithelp15@yousheltered.com

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

Tor-chat to always be in touch:

How is Ransomware Distributed Online?

Ransomware is distributed online through various methods, often exploiting vulnerabilities in software, social engineering techniques, and malicious attachments or links. Here are some common ways ransomware is distributed:

Phishing Emails:
Phishing emails are a prevalent method for spreading ransomware. Attackers send deceptive emails that appear to be from legitimate sources, such as banks, government agencies, or trusted organizations. These emails contain malicious attachments or links that, when clicked or opened, download and execute ransomware on the victim's computer.

Malvertising:
Malvertising involves cybercriminals placing malicious advertisements on legitimate websites. When a user clicks on these ads, they may unknowingly trigger the download of ransomware or be redirected to a website that hosts exploit kits, which then deliver the ransomware payload.

Drive-By Downloads:
Drive-by downloads occur when a user visits a compromised or malicious website. In some cases, the website exploits vulnerabilities in the user's web browser or plugins to automatically download and install ransomware on the visitor's system without any user interaction.

Exploit Kits:
Exploit kits are toolkits used by attackers to identify and exploit vulnerabilities in a victim's software. When a user visits a compromised website or clicks on a malicious link, the exploit kit scans for vulnerabilities and delivers the ransomware payload if a vulnerability is found.

Remote Desktop Protocol (RDP) Attacks:
Attackers target exposed RDP ports and attempt to gain unauthorized access to a victim's computer or network. Once inside, they deploy ransomware directly onto the system.

Malicious Attachments:
Ransomware can be spread through email attachments, often disguised as harmless files like PDFs, Word documents, or ZIP archives. When these attachments are opened, they execute malicious scripts or macros that initiate the ransomware download.

October 2, 2023