What is Vohuk Ransomware?


Vohuk is a new strain of file-encrypting malware. The ransomware was discovered in the second half of November 2022.

Vohuk encrypts files, leaving them unreadable. It renames each file to a random alphanumeric string and replaces the existing extension with ".vohuk", so a file named "document.doc" becomes "[random string].Vohuk". Because the original names and extensions are lost, the encrypted files are also unrecognizable.

The encryption process affects media files, documents, archives and databases.

The ransomware also changes the system wallpaper and drops a ransom note in a file called "README.txt", which reads as follows:

[~] Vohuk Ransomware V1.3

>>> What's happened?
ALL YOUR FILES ARE STOLEN AND ENCRYPTED.
To recovery your data and not to allow data leakage, it is possible only through purchase of a private key from us.

>>> What guarantees?
We are not a politically motivated group and we do not need anything other than your money.
Before paying you can send us up to 2 files for free decryption.
The total size of files must be less than 2MB(non archived).
files should not contain valuable information. (databases, backups, large excel sheets, etc.)

>>> CONTACT US:
Please write an email to both: payordiebaby at tutanota dot com & payordiebaby69 at msgsafe dot io
Write this Unique-ID in the title of your message: -

>>> ATTENTION!
Do not delete or rename or modify encrypted files.
Do not try to decrypt using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price(they add their fee to our).
We use strong encryption, nobody can restore your files except us.
The price depends on how fast you contact with us.
remember to hurry up, as your email address may not be available for very long.
All your stolen data will be loaded into cybercriminal forums/blogs if you do not pay ransom.
If you do not pay the ransom we will attack your company repeatedly again.
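
To scope an incident, the indicators described above (the ".vohuk" extension, a "README.txt" note, and the "Vohuk Ransomware" banner at the top of the note) can be checked across a directory tree. The Python script below is an added example, not part of the original article or of any vendor tool; its function names and sample file names are constructed for illustration, and the NUL-stripping step assumes the note might be stored as UTF-16.

```python
import os
import tempfile
from collections import Counter

# Indicators from the article: appended extension, note file name, note banner.
ENCRYPTED_EXT = ".vohuk"
NOTE_NAME = "readme.txt"
NOTE_MARKER = "vohuk ransomware"

def is_vohuk_note(path):
    """True if the file's first 4 KiB contain the Vohuk banner."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4096)
    except OSError:
        return False  # unreadable or missing file: not confirmed as a note
    # Assumption: drop NUL bytes so a UTF-16 encoded note would still match.
    text = head.replace(b"\x00", b"").decode("utf-8", errors="ignore")
    return NOTE_MARKER in text.lower()

def scan_tree(root):
    """Walk root; return (encrypted-file count per directory, note paths)."""
    encrypted = Counter()
    notes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # the article shows both .vohuk and .Vohuk
            if lower.endswith(ENCRYPTED_EXT):
                encrypted[dirpath] += 1
            elif lower == NOTE_NAME and is_vohuk_note(os.path.join(dirpath, name)):
                notes.append(os.path.join(dirpath, name))
    return encrypted, sorted(notes)

def build_sample(root):
    """Constructed sample tree: one affected share, one clean directory."""
    files = {"share/a8Kd02LmQz.Vohuk": "", "share/Zq91xPl0Tt.vohuk": "",
             "share/README.txt": "[~] Vohuk Ransomware V1.3\n",
             "clean/README.txt": "Project documentation\n"}  # benign README
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_tree(tmp))
```

The per-directory counts show which shares or folders were reached, and a benign "README.txt" without the banner is not reported as a ransom note.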

November 23, 2022