SomeOrdinaryGamers Mutahar Ransomware is a Threat Despite Silly Name

SomeOrdinaryGamers Mutahar is a type of ransomware associated with the Makop family. This variant was identified during the examination of newly discovered malware samples. It has been observed that SomeOrdinaryGamers Mutahar encrypts and alters the names of files, changes the desktop wallpaper, and presents a ransom note named "+README-WARNING+.txt".

This ransomware appends a series of random characters, the email address someordinarygamers@nanozebra.com, and the ".SOG" extension to filenames. For instance, it transforms "1.jpg" into "1.jpg.[2AF20FA3].[someordinarygamers@nanozebra.com].SOG", "2.png" into "2.png.[2AF20FA3].[someordinarygamers@nanozebra.com].SOG", and so forth.
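The rename pattern and ransom note name described above can be used to triage an affected host. The following Python script is an added example, not part of the original article or any vendor tool: it parses the appended suffix to recover the original filename, the bracketed ID and the contact address, then walks a directory tree and counts renamed files and ransom notes. The function names are hypothetical, the ID is matched as any bracket-free run (an assumption, since the article shows only one sample), and the directory tree in `demo()` is constructed.

```python
import os
import re
import tempfile

# Pattern from the article: <original>.[<random id>].[<contact email>].SOG
# Assumption: the id is any bracket-free run; the page shows a single sample.
RENAMED = re.compile(
    r"^(?P<original>.+)\.\[(?P<file_id>[^\[\]]+)\]\.\[(?P<email>[^\[\]@]+@[^\[\]]+)\]\.SOG$",
    re.IGNORECASE,
)
NOTE_NAME = "+README-WARNING+.txt"

def parse_renamed(filename):
    """Return (original name, id, email) if the name matches, else None."""
    m = RENAMED.match(filename)
    return (m["original"], m["file_id"], m["email"]) if m else None

def scan_tree(root):
    """Walk root and collect ransom notes, renamed files, ids and contact emails."""
    report = {"notes": [], "encrypted": [], "ids": set(), "emails": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            parsed = parse_renamed(name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
            elif parsed:
                report["encrypted"].append(path)
                report["ids"].add(parsed[1])
                report["emails"].add(parsed[2].lower())
    return report

def demo():
    """Scan a constructed sample tree (empty placeholder files, not real data)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        names = [
            ("1.jpg.[2AF20FA3].[someordinarygamers@nanozebra.com].SOG",),
            ("docs", "2.png.[2AF20FA3].[someordinarygamers@nanozebra.com].SOG"),
            ("docs", NOTE_NAME),
            ("untouched.SOG",),  # extension alone must not count as a hit
        ]
        for parts in names:
            open(os.path.join(root, *parts), "w").close()
        r = scan_tree(root)
        return len(r["encrypted"]), len(r["notes"]), r["ids"], r["emails"]

if __name__ == "__main__":
    print(demo())
```

Matching on the full bracketed suffix rather than the ".SOG" extension alone avoids flagging unrelated files that happen to share the extension.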

The ransom message informs the victim about the encryption of their files, emphasizing the importance of maintaining the file structure. It explicitly requests payment for the recovery of files and provides an option for a test decryption to instill confidence.

This note includes contact details, such as an email address (someordinarygamers@nanozebra.com) and a Twitter handle (@ordinarygamers). Additionally, it warns against attempting independent file restoration and outlines the decryption process post-payment, assuring the delivery of a scanner-decoder program along with detailed instructions.

SomeOrdinaryGamers Mutahar Ransom Note in Full

The complete ransom note produced by the malware reads as follows:

Greetings From SomeOrdinaryGamers Mutahar

Little FAQ:

1
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.

2
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.

3
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.

4
Q: How to contact with you?
A: You can write us to our mailboxes: someordinarygamers@nanozebra.com or @ordinarygamers on twitter also i will make video on your hack hxxps://www.youtube.ru/@SomeOrdinaryGamers/videos

5
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.

6
Q: If I don t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.

7
Q: How can we trust you are expert?
A: I make youtube video on hackers for a living i am expert hacker you can see here: hxxps://www.youtube.ru/@SomeOrdinaryGamers/videos

BEWARE
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.

What Preventive Measures Can You Take to Protect Your Data from Ransomware?

Protecting your data from ransomware involves implementing a combination of technical and behavioral measures to reduce the risk of infection and mitigate the impact if an attack occurs. Here are some preventive measures you can take:

Backup Regularly:
Regularly back up your important data to an external device or a secure cloud service. Ensure the backups are not directly accessible from the system being backed up to prevent them from being compromised.

Update Software and Systems:
Keep your operating system, software, and applications up-to-date with the latest security patches. Regularly update and patch your systems to address vulnerabilities that ransomware may exploit.

Use Antivirus and Anti-Malware Software:
Install reputable antivirus and anti-malware software on your system and keep it updated. Enable real-time scanning to detect and block malicious activities.

Enable Firewall Protection:
Use a firewall to monitor and control incoming and outgoing network traffic. Firewalls can help prevent unauthorized access to your system and block malicious connections.

Exercise Caution with Email:
Be cautious when opening email attachments or clicking on links, especially if the email is unexpected or from an unknown sender. Avoid downloading attachments or clicking on links from suspicious or unsolicited emails.

January 10, 2024