Unknown Ransomware is a New Phobos Malware Family Member

We recently ran into a ransomware variant belonging to the Phobos family, dubbed Unknown. This malicious software encrypts files and changes their filenames, adding the victim's ID, an email address, and the ".unknown" extension. For example, "1.jpg" would be renamed to "1.jpg.id . .unknown".

The ransom note in Unknown's text file directs victims to contact masterfix@tuta.io or @Stop_24 on Telegram for further instructions. It also states that the cost of decryption depends on how quickly victims reach out to the threat actors and warns against attempting to decrypt files using third-party software as this may lead to permanent data loss. Victims are offered the chance to send up to five files for free decryption.

Unknown ransomware is particularly dangerous because it modifies filenames and encrypts data without giving victims any warning or notification beforehand. Users should therefore remain vigilant when browsing online and make sure they have adequate security measures in place to protect themselves from this type of attack.

The Unknown ransomware full note

The Unknown ransomware deposits its ransom demands inside two files called "info.hta" and "info.txt". The full text of the note reads as follows:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail masterfix@tuta.io
Write this ID in the title of your message -
If you do not receive a response within 24 hours, please contact us by Telegram.org account: @Stop_24
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
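
The rename pattern and the two note file names described above are usable as triage indicators when reviewing a file listing from a suspect host. The following is an added example, not code from the original article: it assumes the ID and e-mail address are wrapped in square brackets (the usual Phobos layout, which the article does not show in full), and the paths and ID value in the sample listing are constructed.

```python
import re
from pathlib import PureWindowsPath

# Assumption: ID and e-mail are wrapped in square brackets, the usual Phobos layout.
RENAMED = re.compile(
    r"^(?P<orig>.+?)\.id\[(?P<vid>[^\]]+)\]\.\[(?P<email>[^\]@\s]+@[^\]\s]+)\]\.unknown$",
    re.IGNORECASE,
)
NOTE_NAMES = {"info.hta", "info.txt"}  # note file names given in the article


def parse_renamed(filename):
    """Split a renamed file into (original name, victim ID, contact e-mail), or None."""
    m = RENAMED.match(filename)
    return (m["orig"], m["vid"], m["email"]) if m else None


def triage(paths):
    """Summarise a file listing: renamed files, note files, and a confidence verdict."""
    renamed, notes, ids, contacts = [], [], set(), set()
    for raw in paths:
        p = PureWindowsPath(raw)
        hit = parse_renamed(p.name)
        if hit:
            renamed.append(str(p))
            ids.add(hit[1])
            contacts.add(hit[2].lower())
        elif p.name.lower() in NOTE_NAMES:
            notes.append(str(p))
    # "info.txt" alone is a common name, so notes only corroborate renamed files.
    verdict = "likely" if renamed else ("weak" if notes else "none")
    return {"verdict": verdict, "renamed": renamed, "notes": notes,
            "victim_ids": sorted(ids), "contacts": sorted(contacts)}


# Constructed sample listing (not real telemetry); the ID value is a placeholder.
SAMPLE = [
    r"C:\Users\alice\Pictures\1.jpg.id[CONSTRUCTED-0001].[masterfix@tuta.io].unknown",
    r"C:\Users\alice\Documents\q3.xlsx.id[CONSTRUCTED-0001].[masterfix@tuta.io].unknown",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Desktop\info.txt",
    r"C:\Users\alice\Documents\notes.unknown",   # extension alone: not a match
    r"C:\Tools\readme\info.md",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A "weak" verdict means only note-named files were found; because "info.txt" is a common file name, it should be confirmed by checking the file's contents before escalating.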

What is the best way to protect your valuable files against ransomware similar to the Unknown ransomware?

The best way to protect your valuable files against ransomware similar to the Unknown ransomware is to ensure that you have adequate security measures in place. This includes regularly updating your operating system and software, using a reliable antivirus program, and avoiding suspicious websites or links. Additionally, it is important to back up all of your data on an external hard drive or cloud storage service so that if you do become a victim of ransomware, you can restore your files from the backup.

Finally, it is also important to be aware of phishing emails and other malicious activity online as this can be used by cybercriminals to gain access to your system and deploy ransomware.

How can ransomware like the Unknown ransomware find its way onto your computer?

Ransomware like the Unknown ransomware can find its way onto your computer through a variety of methods. One of the most common is through malicious emails or links, which can be disguised as legitimate messages from companies or individuals. These emails often contain attachments or links that, when clicked, will download and install the ransomware onto your computer.

Additionally, cybercriminals may also use exploit kits to take advantage of vulnerabilities in outdated software and operating systems to gain access to your system and deploy ransomware. Finally, visiting malicious websites or downloading pirated software can also lead to infection with ransomware like the Unknown ransomware.

January 27, 2023