SHTORM Ransomware Joins Phobos Family of Clones To Attack Files

The SHTORM ransomware belongs to the Phobos ransomware family, as discovered by our malware researchers while examining samples submitted to VirusTotal. The malware encrypts data, alters filenames, and generates info.hta and info.txt files, which serve as ransom notes.

To rename files, SHTORM adds a victim's ID, the email address mjk20@tutanota.com, and the ".SHTORM" extension. For instance, it would modify "1.jpg" to "1.jpg.id[9ECFA84E-3351].[mjk20@tutanota.com].SHTORM", "2.png" to "2.png.id[9ECFA84E-3351].[mjk20@tutanota.com].SHTORM", and so forth.
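As an added example (not code from the article or from the malware itself), the following Python helper parses the Phobos-style filename pattern described above and triages a directory listing for encrypted files and dropped ransom notes; the regular expression and the sample listing are constructed for illustration, not taken from a real infection.

```python
import re
from collections import Counter

# Phobos-family naming: <original>.id[<8 hex>-<4 digits>].[<contact email>].<EXT>
# (pattern assumed from the examples in the article, e.g. 1.jpg.id[...].[...].SHTORM)
PHOBOS_NAME_RE = re.compile(
    r"^(?P<original>.+?)\.id\[(?P<victim_id>[0-9A-Fa-f]{8}-\d{4})\]"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)

# Ransom-note file names this family drops, as stated in the article.
RANSOM_NOTE_NAMES = {"info.hta", "info.txt"}


def parse_phobos_name(filename: str):
    """Return the components of a Phobos-style renamed file, or None if it does not match."""
    m = PHOBOS_NAME_RE.match(filename)
    return m.groupdict() if m else None


def triage_listing(filenames):
    """Summarise a listing: encrypted files, victim IDs, contact e-mails and ransom notes."""
    encrypted, notes = [], []
    ids, emails = Counter(), Counter()
    for path in filenames:
        base = path.rsplit("/", 1)[-1]          # strip directory part
        if base.lower() in RANSOM_NOTE_NAMES:
            notes.append(path)
            continue
        parsed = parse_phobos_name(base)
        if parsed:
            encrypted.append(path)
            ids[parsed["victim_id"].upper()] += 1
            emails[parsed["email"].lower()] += 1
    return {"encrypted": encrypted, "victim_ids": dict(ids),
            "emails": dict(emails), "notes": notes}


# Constructed sample listing (hypothetical paths) using the naming shown in the article.
SAMPLE_LISTING = [
    "C:/Users/alice/Pictures/1.jpg.id[9ECFA84E-3351].[mjk20@tutanota.com].SHTORM",
    "C:/Users/alice/Pictures/2.png.id[9ECFA84E-3351].[mjk20@tutanota.com].SHTORM",
    "C:/Users/alice/Documents/report.docx",
    "C:/Users/alice/Documents/info.txt",
    "C:/Users/alice/Desktop/info.hta",
    "C:/Users/alice/Desktop/notes.id[badid].SHTORM",   # malformed ID: must not match
]

if __name__ == "__main__":
    print(triage_listing(SAMPLE_LISTING))
```

The victim ID and contact address recovered from the filenames can be matched against the ransom note to confirm the family, and a sudden burst of files matching this pattern is a useful detection signal.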

According to the ransom note, the victim's files have been encrypted because of a security problem with their computer. Victims are told to contact mjk20@tutanota.com, putting the provided ID in the email subject line, if they want to recover their files. If the victim does not receive a response within 24 hours, they are advised to contact the attackers via Telegram (@Stop_24) or the TOX messenger. The ransom note also warns victims against renaming encrypted files or using third-party software to decrypt their data, as this could cause irreversible data loss. Furthermore, the note advises victims against seeking decryption services from third parties, claiming this could lead to increased decryption costs. The price for decryption is requested in Bitcoins and is said to depend on how promptly the victim contacts the attackers.

SHTORM Ransom Note Follows Usual Phobos Model

The complete text of the SHTORM ransom note reads as follows:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail mjk20@tutanota.com
Write this ID in the title of your message 9ECFA84E-3351
If you do not receive a response within 24 hours, please contact us by Telegram.org account: @Stop_24
Or write us to the TOX messenger: 0DDF76854C8F9E3287F5EC09E4A3533E416F087BC4F7FEFD330277288F96575DFE950C3168DD
You can download TOX messenger here hxxps://tox.chat/
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

How Can You Protect Your Data from Ransomware Attacks?

Ransomware attacks can be devastating, but there are several measures you can take to protect your data. Here are some tips:

  • Keep your software up to date: Make sure all the software installed on your computer is up to date, including your operating system, web browsers, and other applications. This can help patch any security vulnerabilities that may exist in older versions of the software.
  • Use strong passwords: Use unique, strong passwords for all your online accounts and avoid reusing passwords. Consider using a password manager to generate and store complex passwords.
  • Back up your data regularly: Regularly back up your important data and files to an external hard drive or cloud storage. In the event of a ransomware attack, you can restore your data from the backup without having to pay the ransom.
  • Use anti-malware software: Install reputable anti-malware software and keep it up to date. This can help detect and remove malware, including ransomware, from your system.
  • Be cautious of email attachments and links: Do not open email attachments or click on links from unknown senders. Cybercriminals often use phishing emails to spread malware.
  • Enable two-factor authentication: Enable two-factor authentication on all your online accounts whenever possible. This can provide an additional layer of security to prevent unauthorized access to your accounts.
  • Educate yourself and your employees: Educate yourself and your employees about the risks of ransomware attacks and how to identify and prevent them. Regular training and awareness can help reduce the risk of an attack.
February 23, 2023
