Skynetlock Ransomware is Based on MedusaLocker


During our routine investigation of new malware, our team discovered Skynetlock, a variant of the MedusaLocker ransomware family. Our analysis showed that Skynetlock's primary objective is to encrypt files. The ransomware also appends its extension (".skynetlock") to filenames and generates a ransom note in a file named "How_to_back_files.html".

Skynetlock modifies file names by appending its extension to them, such as changing "1.jpg" to "1.jpg.skynetlock", "2.png" to "2.png.skynetlock", and so on. The ransom note warns victims that their personal or company network has been breached and that all their critical files have been encrypted using RSA and AES encryption.

Furthermore, the attackers assert that any efforts to restore the files using third-party software will result in permanent damage. They also claim to have obtained highly confidential or personal data, which they will expose or sell if victims refuse to pay the ransom. The ransom note includes a Tor link that victims can use to contact the attackers. The attackers offer to decrypt some non-critical files to demonstrate that they can restore the files.

The ransom note also cautions victims that the decryption price will increase if they do not contact the threat actors within 72 hours. It is crucial to take appropriate measures to protect your system from ransomware attacks, such as regularly backing up your data, being cautious when opening email attachments or clicking on links, and using reputable antivirus software.
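The two file-system indicators described above (the ".skynetlock" extension and the "How_to_back_files.html" note) are enough to scope which directories were hit during triage. The following is an added example, not code from the original article or from any vendor tool; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

EXTENSION = ".skynetlock"              # extension named in this article
NOTE_NAME = "how_to_back_files.html"   # ransom note name, compared case-insensitively


def triage(root):
    """Walk root and summarise Skynetlock artefacts per directory."""
    dirs = defaultdict(lambda: {"encrypted": [], "note": False})
    earliest = None
    for dirpath, _subdirs, filenames in os.walk(root):
        for name in filenames:
            lower = name.lower()
            if lower == NOTE_NAME:
                dirs[dirpath]["note"] = True
            elif lower.endswith(EXTENSION) and len(name) > len(EXTENSION):
                original = name[: -len(EXTENSION)]   # "1.jpg.skynetlock" -> "1.jpg"
                dirs[dirpath]["encrypted"].append(original)
                # mtime is only a rough hint of when encryption started;
                # assumption: the malware did not reset timestamps.
                mtime = os.path.getmtime(os.path.join(dirpath, name))
                earliest = mtime if earliest is None else min(earliest, mtime)
    return {
        "directories": dict(dirs),
        "encrypted_total": sum(len(d["encrypted"]) for d in dirs.values()),
        "earliest_mtime": earliest,
    }


def build_sample_tree(root):
    """Constructed sample data: empty files mimicking an affected share."""
    layout = {
        "docs": ["1.jpg.skynetlock", "2.png.skynetlock", "How_to_back_files.html"],
        "clean": ["report.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for path, info in sorted(result["directories"].items()):
            print(path, sorted(info["encrypted"]), "note:", info["note"])
        print("total:", result["encrypted_total"])
```

The list of recovered original names per directory can be compared against backup catalogues to decide what needs restoring.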

Skynetlock Ransom Note Promises Decryption of a Few Files

The full text of the Skynetlock ransom note goes as follows:

YOUR PERSONAL ID:

YOUR COMPANY NETWORK HAS BEEN PENETRATED
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion

  • Note that this server is available via Tor browser only

Follow the instructions to open the link:

  1. Type the addres "hxxps://www.torproject.org" in your Internet browser. It opens the Tor site.
  2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.
  3. Now you have Tor browser. In the Tor Browser open qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion
  4. Start a chat and follow the further instructions.
    If you can not use the above link, use the email:
    ithelp02@decorous.cyou
    ithelp02@wholeness.business
  • To contact us, create a new free email account on the site: protonmail.com
    IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

How Can You Protect Your Files from Ransomware Like Skynetlock?

Protecting your files from ransomware like Skynetlock involves implementing several preventive measures. Here are some of the steps you can take to protect your files from ransomware attacks:

  • Back up your data regularly: Back up your files regularly to an external hard drive, cloud storage, or any other secure storage solution. This will enable you to recover your data in case it gets encrypted by ransomware.
  • Keep your software and operating system up-to-date: Ensure that your software and operating system are always up-to-date with the latest security patches and updates. Cybercriminals often exploit vulnerabilities in outdated software and operating systems to launch ransomware attacks.
  • Be cautious with email attachments: Do not open email attachments or click on links from unknown or suspicious sources. Cybercriminals often use phishing emails to spread ransomware.
  • Use reputable antivirus software: Install reputable antivirus software that can detect and block ransomware attacks. Ensure that you keep the software up-to-date to detect the latest threats.
  • Use strong and unique passwords: Use strong and unique passwords for your online accounts and avoid using the same password for multiple accounts. This will prevent cybercriminals from gaining access to your accounts and files.

By following these preventive measures, you can significantly reduce the risk of falling victim to ransomware attacks like Skynetlock and protect your files from being encrypted and held for ransom.

April 20, 2023