U2K Ransomware Copies Older Strain
U2K is a newly discovered ransomware variant spotted in the wild. It closely resembles the older MME ransomware, which was discovered in early 2022.
U2K encrypts files and makes them unreadable. Targeted file types include all popular media, document and archive formats, as well as database files. Once encrypted, each file has the ".U2K" extension appended to its name. For example, a file formerly named "ledger.pdf" becomes "ledger.pdf.U2K" after encryption.
The ransom note is dropped as a plain text file named simply "ReadMe.txt".
The full ransom note reads as follows:
Attention!
All your files, documents, photos, databases and other important files are encrypted
The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files.
The server with your decryptor is in a closed network TOR. You can get there by the following ways:
----------------------------------
1. Download Tor browser - hxxps://www.torproject.org/
2. Install Tor browser
3. Open Tor Browser
4. Open link in TOR browser: hxxp://u2kqti2utfaiefucegnmd6yh6hledbsfanaehhnnn3q5usk6bvndahqd.onion/?301BDPGHJLM
5. and open ticket
----------------------------------
Alternate communication channel here: hxxps://yip.su/2QstD5
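
A triage check for responders, built on the two artefacts described above: the ".U2K" suffix appended to encrypted files and the "ReadMe.txt" note. This is an added example, not code from the original article; the function names, the two-phrase matching threshold and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".U2K"   # extension appended to encrypted files (from the article)
NOTE_NAME = "ReadMe.txt"    # ransom note file name (from the article)
# Phrases from the note quoted above, lowercased. Requiring two hits keeps an
# ordinary ReadMe.txt from being flagged (threshold is an assumption).
NOTE_MARKERS = ("purchase an unique decryptor", "closed network tor",
                "open link in tor browser")

def is_ransom_note(path):
    """Return True if the file carries at least two phrases of the quoted note."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(64 * 1024).lower()
    except OSError:
        return False
    return sum(marker in text for marker in NOTE_MARKERS) >= 2

def triage(root):
    """Walk root; return ({encrypted path: original name}, [note paths])."""
    encrypted, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted[full] = name[:-len(ENCRYPTED_SUFFIX)]
            elif name == NOTE_NAME and is_ransom_note(full):
                notes.append(full)
    return encrypted, notes

def build_sample(root):
    """Constructed test tree: one renamed file, one note, one benign ReadMe.txt."""
    samples = {
        "finance/ledger.pdf.U2K": "constructed placeholder bytes",
        "finance/ReadMe.txt": "Attention!\nThe only method of recovering files is to "
                              "purchase an unique decryptor.\nThe server with your "
                              "decryptor is in a closed network TOR.\n",
        "project/ReadMe.txt": "Build instructions: run make.\n",
        "project/notes.txt": "untouched file\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        hits, notes = triage(tmp)
        print(sorted(hits.values()), notes)
```

The per-directory results give a quick view of which shares or folders were reached, and the recovered original names can be matched against backup inventories.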