Secles Ransomware Uses Lengthy Ransom Note

Secles is a file-encrypting malware strain that our research team identified while examining newly submitted file samples. Malicious programs that encrypt files and demand a ransom for decryption are classed as ransomware.

When we executed a Secles sample on our test system, it encrypted files and renamed them by appending a unique ID assigned to the victim, the operators' Telegram bot handle, and a ".secles" extension. For example, a file originally named "1.jpg" became "1.jpg.id[DYz8jzMo].[t.me_secles1bot].secles". The ID portion differs per victim, and the bot handle embedded in the file names is spelled differently from the handles quoted in the ransom note below, so anyone matching on file names should key on the structure (".id[...].[...].secles") rather than on the exact handle.

Once encryption finished, Secles dropped a ransom note named "ReadMe.txt". The note tells the victim to contact the attackers through a Telegram bot to arrange decryption. Because the note itself admits that the bot gets banned from time to time, it also points to a Tor (.onion) site where the current bot link and ID can be found.

Decryption is offered only in exchange for payment, although the note lets the victim have two encrypted files decrypted free of charge as proof before paying. The note warns against modifying or deleting encrypted files, since that may make decryption impossible. Two further details in the note matter for incident response: the malware leaves a folder at "c:\secles" containing data the attackers say is encrypted with their public key and needed for recovery (the victim is told to back it up before reinstalling Windows), and some encrypted files are reportedly left with their original names, so an inventory based on the ".secles" extension alone will undercount affected files. Paying carries no guarantee of a working decryptor.
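The naming pattern and note described above can be turned into a simple triage script for an affected host. The following is an added example, not code from this article or from the researchers who analyzed the sample. It assumes the file-name layout shown above (original name, then ".id[<victim id>]", then ".[<contact handle>]", then ".secles"), that victim IDs are alphanumeric, and that the note is always named "ReadMe.txt". Because the note says some encrypted files are not renamed, the script also includes a byte-entropy check for files that fail to open; the 7.5 bits-per-byte threshold is an assumed heuristic, not a property of Secles. The sample paths at the bottom are constructed for a stand-alone run.

```python
"""Triage helper for the Secles renaming pattern described in the article.

Added example, not code from the article or from the researchers who
analysed the sample. Assumes the layout
    <original name>.id[<victim id>].[<contact handle>].secles
alphanumeric victim IDs, a note named ReadMe.txt, and an assumed entropy
threshold for spotting encrypted files that were not renamed.
"""
import math
import os
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Assumed layout; the original name is matched greedily so names with
# several dots (report.final.docx) survive intact.
SECLES_NAME = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[A-Za-z0-9]+)\]"
    r"\.\[(?P<contact>[^\]]+)\]\.secles$"
)
RANSOM_NOTE = "readme.txt"   # compared case-insensitively
ENTROPY_THRESHOLD = 7.5      # assumed heuristic: bits per byte, near random


@dataclass(frozen=True)
class EncryptedFile:
    path: str
    original_name: str
    victim_id: str
    contact: str


def parse_secles_name(path: str) -> Optional[EncryptedFile]:
    """Decode a Secles-renamed file name, or return None if it does not match."""
    m = SECLES_NAME.match(os.path.basename(path))
    if m is None:
        return None
    return EncryptedFile(path, m["original"], m["victim_id"], m["contact"])


def triage(paths: Iterable[str]) -> dict:
    """Sort paths into renamed-encrypted files, ransom notes and everything
    else, collecting the victim IDs and contact handles seen along the way."""
    out = {"encrypted": [], "notes": [], "other": [],
           "victim_ids": set(), "contacts": set()}
    for p in paths:
        if os.path.basename(p).lower() == RANSOM_NOTE:
            out["notes"].append(p)
            continue
        ef = parse_secles_name(p)
        if ef is None:
            out["other"].append(p)
            continue
        out["encrypted"].append(ef)
        out["victim_ids"].add(ef.victim_id)
        out["contacts"].add(ef.contact)
    return out


def scan_tree(root: str) -> dict:
    """Apply triage() to every file below a directory."""
    return triage(os.path.join(d, f)
                  for d, _dirs, files in os.walk(root) for f in files)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Ciphertext sits near 8.0, so files in the
    "other" bucket that fail to open and score above ENTROPY_THRESHOLD
    deserve a look. Compressed formats (zip, jpeg, docx) also score high,
    so treat this as a triage hint, not proof of encryption."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


# Constructed sample paths (not from a real infection) for a stand-alone run.
SAMPLE_PATHS = [
    "C:/Users/victim/Pictures/1.jpg.id[DYz8jzMo].[t.me_secles1bot].secles",
    "C:/Users/victim/Documents/report.final.docx.id[DYz8jzMo].[t.me_secles1bot].secles",
    "C:/Users/victim/Documents/ReadMe.txt",
    "C:/Users/victim/Documents/budget.xlsx",
    "C:/Windows/System32/kernel32.dll",
]

if __name__ == "__main__":
    r = triage(SAMPLE_PATHS)
    print(f"{len(r['encrypted'])} renamed files, {len(r['notes'])} ransom notes")
    print("victim IDs:", sorted(r["victim_ids"]), "contacts:", sorted(r["contacts"]))
    for ef in r["encrypted"]:
        print(f"  {ef.original_name:25s} <- {ef.path}")
```

On a live host, call scan_tree() on the user profile or a mounted image rather than the constructed list; the victim IDs and contact handles it collects are the values to carry into the incident record, and any file in the "other" bucket that will not open should be run through looks_encrypted() before it is assumed intact.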

Secles Ransom Note Provides Onion Link

The full text of the lengthy Secles ransom note reads as follows:

to recover your data install telgram messanger at @seclesbot ( hxxps://t.me/secleslbot ) you will talk with support using the bot , admin will be monitoring if for any reason bot is not avaiable you can find link and id of new bot at our onion site 2kksm7oobarkoedfnkihgsa2qdvfgwvr4p4furcsopummgs5y37s6bid.onion you will need to install for browser for onion sites ( hxxps://www.torproject.org/download/ ) you dont need to install for if our telegram bot is working, the bot gets banned once a while

you id is : -

you will get two sample decryption (decoding) before any payment for free this is strong ransomware, any day you waste without paying is one business day you waste our price is reasonable,the wasted days will cost you more

some notes:
1-although illegal and bad but this is business,you are our client after infection and we will treat you respectfully like a client

2-do not delete files at c:\secles , if you want to reinstall windwos take a backup of the folder (dont waste time trying to get anything out of them ,they are encrypted with out public key and cant be read without our private keys)

3-do not play with encrypted file, take a backup if you want to waste some time playing with them

4-if you take a middleman do deal with us directly , take one with good reputation ,we always provide decryptor after payment and only ask for one payment , if you take a random middle man from internet he may take you money and not pay as and disappear or lie to you

5-police can't help you , we are excpericed hackers and we don't leave footprints behind , even if we did police wont risk ther million dollar worth zero day exploits for catching us, instead what they do get sure of is you never pay us and you suffer loss your data

6-if some of your files don't have our extention but do not open ,they are encrypted all other files and will decrypt normally ,they just have not been renamed to get our extension

What Proactive Measures Can You Take to Guard Against Ransomware?

To fortify your defenses against ransomware attacks, consider implementing the following proactive measures:

Regular Data Backups:
Back up critical data on a regular schedule and verify that restores actually work.
Keep copies both onsite and offsite, and keep at least one copy offline or otherwise unreachable from the production network, since ransomware running with a user's privileges will encrypt any backup volume it can reach.

Update Software and Systems:
Keep your operating system, antivirus software, and all applications up to date to patch vulnerabilities.
Enable automatic updates whenever possible to stay protected against known security flaws.

Security Awareness Training:
Educate employees on cybersecurity best practices, emphasizing the importance of not clicking on suspicious links or downloading attachments from unknown sources.

Email Security:
Employ email filtering systems to detect and block phishing attempts and malicious attachments.
Encourage employees to be cautious with email communications, especially those requesting sensitive information or containing unexpected links.

Network Segmentation:
Segment the network so that ransomware landing on one workstation cannot reach file servers, backups, and other hosts freely.
Isolate critical systems and sensitive data from less trusted parts of the network, and restrict the file-sharing and remote-management protocols that ransomware uses to spread.

Application Whitelisting:
Use application whitelisting (allow-listing) so that only approved programs can run on your systems; an unapproved executable such as a freshly downloaded ransomware payload is then blocked before it can encrypt anything.

January 30, 2024