The latest batch of rogue apps from the Chrome Web Store have all been traced back to a single, increasingly questionable domain registrar company in Israel that goes by the name GalComm. Over 1000 malicious domains found.
SUBSCRIBE TO OUR BLOG AND STAY AHEAD IN SECURITY AND PRIVACY
Please contact your IT support administrator for guidance before installing new Chrome web apps. For help from the professionals, contact us on our website chat or online contact form. We’re always happy to help you!
How to remove MedusaLocker Ransomware and decrypt .readtheinstructions, .decrypme or .encrypted files
We have already deconstructed lots of ransomware like Ouroboros, Ako, NEMTY, and others says, Arthur Lozovsky for Bugfighter. Today, we are topping up our list with MedusaLocker Ransomware. This dreadful software is known to be encrypting the files of innocent users, therefore, making them unretrievable until a ransom is paid. Virus got its name because of the name of the project file, that says: MedusaLocker.pdb. Also, the “Medusa” section is created in the registry. Once installed on a computer, it rapidly blocks off the access to your data by assigning a unique .encrypted or .readtheinstructions or .readinstructions extensions to each file. This way, 1.jpg changes itself to 1.jpg.readtheinstructions. Unfortunately, any manipulations are useless because of the strong cipher that is hard to break manually. When encrypting files, AES encryption will be used to encrypt each file, and then the AES key will be encrypted with the RSA-2048 public key included in the Ransomware executable. Depending on ransomware edition, extensions may also look like .bomber, .boroff, .breakingbad, .locker16, .newlock, .nlocker, and .skynet as well. After successful encryption of data, extortionists add an HTML or text file, called ransom note, that contains the necessary information on how to recover your data. Depending on the version it can be called RECOVER_INSTRUCTIONS.html, INSTRUCTIONS.html, HOW_TO_OPEN_FILES.html or HOW_TO_RECOVER_DATA.html.
MedusaLocker (.encrypted) All your data are encrypted! What happened? Your files are encrypted, and currently unavailable. You can check it: all files on you computer has new expansion. By the way, everything is possible to recover (restore), but you need to buy a unique decryptor. Otherwise, you never cant return your data. For purchasing a decryptor contact us by email: email@example.com If you will get no answer within 24 hours contact us by our alternate emails: firstname.lastname@example.org What guarantees? Its just a business. If we do not do our work and liabilities - nobody will not cooperate with us. To verify the possibility of the recovery of your files we can decrypted 1 file for free. Attach 1 file to the letter (no more than 10Mb). Indicate your personal ID on the letter: 041786A32071FD1D5BF472AE737A831C3F0EEABE36F5D5998DB4E8F377*** [всего 1024 знака] Attention! - Attempts of change files by yourself will result in a loose of data. - Our e-mail can be blocked over time. Write now, loss of contact with us will result in a loose of data. - Use any third party software for restoring your data or antivirus solutions will result in a loose of data. - Decryptors of other users are unique and will not fit your files and use of those will result in a loose of data. - If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key.
Ransomware developers say that you have to pay a specific fee (varying from user to user) through the Bitcoin to decode the restricted files. After finished, you should contact them via e-mail to notify about the payment. Paying a ransom is not the wisest decision you can make at this point time, because there is no guarantee that they will keep their promise and get your data back. Since there is no real method to check their integrity, you should not be doing this. On the contrary, a better conclusion would be removing this malware from your computer to keep further data safe by following the guide in the article below.
How MedusaLocker Ransomware infected your computer
To remove MedusaLocker Ransomware completely, we recommend you to use WiperSoft AntiSpyware from WiperSoft. It detects and removes all files, folders and registry keys of MedusaLocker Ransomware and prevents future infections by similar viruses.
To remove MedusaLocker Ransomware completely, we recommend you to use SpyHunter 5 from EnigmaSoft Limited. It detects and removes all files, folders and registry keys of MedusaLocker Ransomware. The trial version of SpyHunter 5 offers virus scan and 1-time removal for FREE.
There is no purpose to pay the ransom, because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
Dr.Web Rescue Pack
Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .readtheinstructions, .decrypme or .encrypted files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing of files will be performed free of charge and if files are decryptable, all you need to do is purchase 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.
If you are infected with MedusaLocker Ransomware and removed it from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Use Stellar Data Recovery Professional to restore .readtheinstructions, .decrypme or .encrypted files
Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
Select the drive and date that you want to restore from.
Right-click on a folder name and select Export.
In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
Login to the DropBox website and go to the folder that contains encrypted files.
Right-click on the encrypted file and select Previous Versions.
Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses, like MedusaLocker Ransomware, in future
1. Get special anti-ransomware software
Use BitDefender Anti-Ransomware
Famous antivirus vendor BitDefender released free tool, that will help you with active anti-ransomware protection, as additional shield to your current protection. It will not conflict with bigger security applications. If you are searching complete internet security solution consider upgrading to full version of BitDefender Internet Security 2018.
As an additional way to save your files, we recommend online backup. Local storages, such as hard drives, SSDs, flash drives or remote network storages can be instantly infected by the virus once plugged in or connected to. MedusaLocker Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails is most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications, and provides very high level of anti-spam protection.
We’re not even halfway through 2020, and already it’s been a record-breakingyear for ransomware attacks says Adam Levin, inc. Barely a week goes by without reports of a new strain or variant of malware wreaking havoc among companies.
1-99-employee companies are a target
No industry, category, size, or group is safe from this cyber scourge.
We hear about the big ones. Manufacturing giant Honda had its networks brought to a standstill by just such an attack. Millions of inboxes have been hit with a variant of Avaddon ransomware. High-profile entertainment law firm Grubman Shire Meiselas & Sacks suffered a one-two punch of infection via REvil ransomware followed by a dark web auction of the firm’s client documents.
Small companies get hit all the time, but when they go out of business as a result it’s not news. It doesn’t matter how big your company is. In fact, what may matter more is how easy you are to hack.
A compounded threat for businesses
While there’s no shortage of examples of ransomware attacks, a recent study by data protection firm Veritas suggests an even bigger problem that few, if any, companies are prepared for: Customers are increasingly laying the blame on companies, specifically their CEOs, rather than on the hackers perpetrating the attacks.
The statistics are sobering. Twelve thousand respondents in the U.S., U.K., Germany, Japan, France, and China thought companies were to blame, with 40 percent saying CEOs should be doing a better job. In the same survey, 35 percent thought CEOs should be fined for a cyber failure, and 30 percent wanted to see a CEO lose his or her right to run any company following a serious cyber event. Another 23 percent thought the CEO should face a prison sentence.
Some of the survey’s findings suggest there’s some cognitive dissonance. For instance, 71 percent of respondents said companies shouldn’t pay ransoms to hackers, but 55 percent wanted businesses to pay a ransom if their own personal data was at risk. The numbers point to a nascent blame game, which in turn points to the need for companies large and small to make sure they have cyber insurance–often the only thing between your company and an extinction-level cyber event.
What can CEOs do?
With 44 percent in the Veritas survey claiming that they would stop using a business’s services following a ransomware-related breach regardless of how the company responded–it matters how you handle cyber.
With customers pointing the finger at business leadership, CEOs face a new layer to what was already an extinction-level threat. If the combined costs of paying a ransom and the resulting breach-related expenses aren’t enough to ruin a company, customers and clients are increasingly poised to drive the final nail in the coffin.
Preventing data breaches and implementing adequate cybersecurity safeguards was a daunting assignment even before the Covid-19 pandemic. A 2019 study showed that 80 percent of IT business leaders expected a critical breach or a successful cyberattack within a year, double what a similar study had indicated in 2015.
The inevitability of a successful cyberattack, ransomware-related or otherwise, cannot be mitigated by any CEO, but managing the aftermath can.
Much has been made of the shortage of skilled cybersecurity workers, to say nothing of supply chain vulnerabilities, unpatched or outdated software, or employee malfeasance. But the answer for management here lies in being prepared.
While corporate security fails are complex, a good leader needs only to be prepared for the day the inevitable happens. More than half of security personnel surveyed in 2019 believed that CEOs ignored security plans, and 14 percent said that their CEOs hadn’t received any cybersecurity training. Another study showed that 40 percent of IT professionals specifically cited their company’s CEO as the weakest link in their company’s security. Only you know if this is true of your organization. And if it is, only you can take steps to get cyber right.
There’s an oft-quoted saying that “culture eats strategy for breakfast,” and that’s very true when it comes to cyber. Know the risks, get help if you need it, get insured, and take it seriously.