Weon Ransomware Encrypts Many File Types

Our team recently discovered a new variant of the Djvu ransomware family called Weon. Weon is ransomware: malicious software that encrypts files, rendering them inaccessible to users. The variant came to our attention during our analysis of new malicious file samples.

Weon may be distributed alongside other forms of malware, including information stealers such as RedLine or Vidar. Once Weon infiltrates a system, it renames encrypted files by appending the ".weon" extension. For example, a file originally named "1.jpg" would be renamed to "1.jpg.weon", "2.png" would become "2.png.weon", and so on. Additionally, the ransomware leaves behind a ransom note called "_readme.txt".

The ransom note generated by Weon provides payment and contact details, emphasizing the urgency for victims to establish communication with the threat actors within a 72-hour timeframe. Failing to do so may result in an increased payment amount of $980 instead of the discounted price of $490, which covers the costs of acquiring the decryption software and key. The note strongly emphasizes that decrypting files without these essential tools is impossible.

Furthermore, the "_readme.txt" file outlines an option for victims to send a single encrypted file for decryption at no cost. To initiate contact with the attackers, victims are provided with two email addresses: support@freshmail.top and datarestorehelp@airmail.cc.
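The indicators described above (the ".weon" extension, the "_readme.txt" note name and the two contact addresses) are enough for a quick triage scan of a disk or file share. The following Python script is an added example, not part of the original article: the function names, the 64 KB read cap and the sample directory tree built in demo() are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article text above.
ENCRYPTED_SUFFIX = ".weon"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("support@freshmail.top", "datarestorehelp@airmail.cc")


def is_weon_note(path):
    """True if a _readme.txt file contains one of the contact addresses."""
    try:
        # Notes are small; cap the read so a huge unrelated file cannot stall the scan.
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(64 * 1024).lower()
    except OSError:
        return False  # unreadable file: cannot be confirmed
    return any(marker in text for marker in NOTE_MARKERS)


def scan(root):
    """Walk root; return (encrypted files, confirmed notes, unconfirmed _readme.txt)."""
    encrypted, notes, unconfirmed = [], [], []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            lname = name.lower()  # Windows file names are case-insensitive
            if lname.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
            elif lname == NOTE_NAME:
                (notes if is_weon_note(path) else unconfirmed).append(path)
    return sorted(encrypted), sorted(notes), sorted(unconfirmed)


def demo():
    """Scan a constructed directory tree (sample data, not real malware output)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "1.jpg.weon").write_bytes(b"constructed sample")
        (root / "docs" / "2.png").write_bytes(b"untouched file")
        (root / "docs" / NOTE_NAME).write_text("write to support@freshmail.top")
        (root / NOTE_NAME).write_text("project notes, unrelated")  # benign look-alike
        enc, notes, other = scan(root)
        return [p.name for p in enc], [p.parent.name for p in notes], len(other)


if __name__ == "__main__":
    print(demo())
```

A "_readme.txt" that lacks both addresses is reported separately rather than ignored, since the file name alone is common and other Djvu variants may use different contact details.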

Weon Ransom Note Copies Djvu's Template

The full ransom note used by Weon reads as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-3q8YguI9qh
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

How Can You Protect Your Files from Ransomware Like Weon?

Safeguarding your files from ransomware like Weon requires a proactive approach to cybersecurity. Here are some crucial measures you can take to protect your files:

Backup your data: Regularly back up your important files and data to an offline or cloud-based backup solution. Ensure the backups are securely stored and isolated from your primary network or device. This way, even if your files get encrypted by ransomware, you can restore them from a clean backup.

Keep your software up to date: Maintain up-to-date operating systems, software applications, and security patches. Regularly update them to address any vulnerabilities that cybercriminals could exploit.

Install robust security software: Use reputable antivirus and anti-malware software to provide an additional layer of protection. Keep the software updated to defend against the latest threats, including ransomware.

Exercise caution with email attachments and links: Be vigilant when opening email attachments or clicking on links, especially if they come from unknown or suspicious sources. Verify the authenticity of emails before interacting with their contents.

Enable macro security: Disable macros in document files, such as Microsoft Office files, as macros can be exploited by ransomware to execute malicious code. Only enable macros from trusted sources when absolutely necessary.

Be cautious when downloading software: Obtain software only from trusted sources and official websites. Be wary of downloading applications or files from unfamiliar or suspicious websites, as they may contain disguised ransomware.

Use strong, unique passwords: Create strong, complex passwords for your accounts and avoid using the same password across multiple platforms. Consider using a reliable password manager to securely store and manage your passwords.

May 31, 2023