SULINFORMATICA Ransomware Attempts Double Extortion

Our researchers came across SULINFORMATICA, a type of ransomware, during a routine examination of new file submissions. This malicious software is specifically crafted to encrypt data and demand payment for its decryption.

Upon testing SULINFORMATICA on our evaluation system, it proceeded to encrypt files and added a ".aes" extension to their filenames. For instance, a file originally named "1.jpg" was transformed into "1.jpg.aes," and "2.png" became "2.png.aes," and so on.

Once the encryption process concluded, a ransom message named "Instruction.txt" was generated. From the text within this message, it becomes evident that this ransomware primarily targets businesses rather than individual users. SULINFORMATICA also employs a double extortion strategy.
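An added triage helper, not code from the article or from the ransomware itself, that scans a directory tree for the two artefacts described above: files renamed with the trailing ".aes" extension and the "Instruction.txt" note. It recovers the original file names by stripping the suffix and confirms a note by the contact addresses quoted in the note text on this page; the sample tree it scans is constructed in a temporary directory.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article: the appended extension, the ransom-note
# file name and the contact addresses quoted in the note.
ENCRYPTED_SUFFIX = ".aes"
RANSOM_NOTE_NAME = "Instruction.txt"
NOTE_CONTACTS = ("sulinformatica@proton.me", "brazil-sulin@tutanota.com")

def note_matches(path):
    """True when the file's text mentions any of the quoted contact addresses."""
    try:
        text = path.read_text(errors="ignore").lower()
    except OSError:
        return False
    return any(contact in text for contact in NOTE_CONTACTS)

def scan_tree(root):
    """Walk `root` and collect files carrying the ".aes" suffix, ransom notes
    whose text matches, and the original names recovered by stripping the
    suffix ("1.jpg.aes" -> "1.jpg"), the renaming the article describes."""
    encrypted, notes = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if name.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
            elif name == RANSOM_NOTE_NAME and note_matches(path):
                notes.append(path)
    originals = sorted(p.name[: -len(ENCRYPTED_SUFFIX)] for p in encrypted)
    return {"encrypted": encrypted, "notes": notes, "originals": originals}

def build_sample_tree():
    """Constructed sample data (not real victim files): two renamed files, one
    untouched file and a note containing one of the quoted addresses."""
    root = Path(tempfile.mkdtemp(prefix="sulin_demo_"))
    (root / "1.jpg.aes").write_bytes(b"\x00" * 16)
    (root / "docs").mkdir()
    (root / "docs" / "2.png.aes").write_bytes(b"\x00" * 16)
    (root / "docs" / "readme.md").write_text("untouched")
    (root / RANSOM_NOTE_NAME).write_text(
        "Hello. I SULINFORMATICA. ... SULINFORMATICA@proton.me")
    return root

if __name__ == "__main__":
    hits = scan_tree(build_sample_tree())
    print(len(hits["encrypted"]), "renamed files; notes:", hits["notes"])
```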

The ransom note from SULINFORMATICA informs the victim that their company's network has been compromised and that their files were encrypted during the attack. The message claims that complete recovery is possible through decryption. It further warns that vital databases, documents, and other files were stolen from the network.

The victim is strongly encouraged to initiate negotiations promptly. Failing to establish contact with the attackers within 24 hours will have a detrimental impact on the negotiation process. The message suggests that non-compliance with the cybercriminals' demands will not only result in permanently inaccessible files but also in the disclosure of the stolen company data.

SULINFORMATICA Ransom Note in Full

The complete text of the SULINFORMATICA ransom note reads as follows:

Hello. I SULINFORMATICA. Your infrastructure has been hit and all files are encrypted. Be warned - this is complex multi-threaded encryption. All your files are intact, they will be fully accessible after decryption. All important files/documents/databases have been downloaded from your network. They are securely hidden and stored in order to further work with your company data. We suggest that you start negotiations to resolve the situation. You can get all the information on decryption at the contacts listed below. You can get all the information on the company's data and return it to you / or remove it from public access at the contacts listed below. We also inform you that every 24 hours delays will worsen the negotiating position. Contact us as soon as possible, we are ready to help and waiting for you. SULINFORMATICA@proton.me brazil-sulin@tutanota.com Or qTox messenger (available 24/7): (alphanumeric string)

Why do Ransomware Actors Use Double Extortion?

Ransomware actors use double extortion tactics for several strategic reasons:

  • Increased Leverage: Double extortion provides ransomware operators with greater leverage over their victims. In addition to encrypting the victim's data, they also threaten to release sensitive or confidential information to the public, potentially causing significant harm to the victim's reputation, financial stability, or legal standing. This added threat makes victims more inclined to pay the ransom quickly.
  • Diversification of Income: By stealing data and demanding payment not only for decryption but also for the non-disclosure of stolen information, ransomware actors can diversify their income streams. This allows them to extract money from victims who may be reluctant to pay a ransom for data recovery but are willing to pay to prevent the exposure of sensitive data.
  • Enhanced Pressure: Double extortion creates additional pressure on victims to meet the attackers' demands. Victims are faced with the prospect of not only losing access to their data but also dealing with the fallout from data leaks, including potential legal and regulatory consequences. This added pressure can push victims to make quicker decisions about paying the ransom.
  • Adaptation to Defensive Measures: As organizations improve their cybersecurity defenses, ransomware actors have sought new tactics to overcome these obstacles. Double extortion is one such adaptation, as it exploits the fact that even well-protected organizations may not be able to prevent data theft during a ransomware attack.
  • Increased Profitability: Double extortion attacks can be more profitable for ransomware groups. They can demand a higher ransom amount because they offer both decryption keys and the assurance that stolen data will not be exposed. This potentially results in larger payouts from victims.
October 5, 2023