
IRIS Ransomware

During a cybersecurity inspection targeting potential malware threats, researchers stumbled upon a malicious software dubbed IRIS. Its primary function revolves around encrypting files stored on the compromised devices. Following encryption, the threat demands a ransom payment from the affected victims in exchange for decrypting their files.

Upon execution, the IRIS Ransomware initiates the encryption process, targeting various file types found on the system. It alters the original filenames by appending an extension consisting of four randomly generated characters. For instance, a file initially named '1.pdf' would now appear as '1.pdf.592m', while '2.png' would become '2.png.2n32', and so forth for all encrypted files. Upon completing the encryption process, IRIS modifies the desktop wallpaper and drops a ransom note named 'read_it.txt'. Furthermore, researchers have determined that IRIS belongs to the Chaos Ransomware family.
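A triage sketch for the indicators described above, added here as an example (not code from the original page or from any vendor): it walks a directory tree and flags folders that contain the 'read_it.txt' note or files renamed to `<name>.<ext>.<4 characters>`. The alphanumeric suffix pattern, the extension allow-lists and all sample file names are assumptions constructed for illustration.

```python
import os
import re
import tempfile

NOTE_NAME = "read_it.txt"  # ransom note name reported on the page
# Assumption: the appended characters are alphanumeric, as in the page's
# samples ('592m', '2n32'); the page only says "randomly generated".
RENAMED = re.compile(r"^.+\.([A-Za-z0-9]{2,5})\.([A-Za-z0-9]{4})$")
# Constructed allow-lists (not from the page) to cut false positives such as
# 'bundle.min.json' or 'data.csv.json'.
USER_EXTS = {"pdf", "png", "jpg", "jpeg", "doc", "docx", "xls", "xlsx", "txt", "csv"}
KNOWN_4CHAR = {"json", "html", "jpeg", "docx", "xlsx", "pptx", "orig", "gzip"}


def is_renamed(name):
    """True if name looks like '<file>.<user ext>.<4 unfamiliar chars>'."""
    m = RENAMED.match(name)
    if not m:
        return False
    inner, suffix = m.group(1).lower(), m.group(2).lower()
    return inner in USER_EXTS and suffix not in KNOWN_4CHAR


def triage(root):
    """Walk root; return {dir: {'note': bool, 'renamed': [names]}} for
    directories holding the note or at least one renamed file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        renamed = sorted(f for f in files if is_renamed(f))
        note = any(f.lower() == NOTE_NAME for f in files)
        if note or renamed:
            findings[dirpath] = {"note": note, "renamed": renamed}
    return findings


def demo():
    """Build a constructed sample tree (empty files only) and triage it."""
    with tempfile.TemporaryDirectory() as root:
        hit = os.path.join(root, "Documents")
        clean = os.path.join(root, "src")
        os.makedirs(hit)
        os.makedirs(clean)
        for name in ("1.pdf.592m", "2.png.2n32", "read_it.txt"):
            open(os.path.join(hit, name), "w").close()
        for name in ("bundle.min.json", "notes.txt", "report.pdf"):
            open(os.path.join(clean, name), "w").close()
        return {os.path.basename(d): v for d, v in triage(root).items()}


if __name__ == "__main__":
    for directory, info in demo().items():
        print(directory, info)
```

A hit on the file name pattern alone is only a lead; a folder that has both the note and several renamed files with differing suffixes is the stronger signal.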

The IRIS Ransomware Can Lock Victims from Accessing Their Data

The ransom message delivered by IRIS outlines the situation: the victim's files have been encrypted, and to recover them, a payment of $350 in XMR (Monero cryptocurrency) is demanded. However, the note goes further, claiming that the attackers have also exfiltrated sensitive data such as browsing history, personally identifiable information, login credentials, and credit card numbers. This complicates matters: formatting the device is not seen as a viable solution, since it won't erase the stolen data. The implication is that the attackers will threaten to leak this information if the ransom isn't paid.

In typical ransomware scenarios, decryption without the involvement of the attackers is nearly impossible, except in rare cases where the ransomware is severely flawed. However, even when victims comply with ransom demands, they often do not receive decryption tools. Therefore, experts strongly advise against paying the ransom, as it not only fails to guarantee data recovery but also supports illegal activities by funding cybercriminals.

To prevent the IRIS Ransomware from further encrypting files, it is crucial to remove it from the operating system. However, it's important to note that removing the ransomware will not automatically restore the encrypted data.

Take Measures to Protect Your Devices against Malware and Ransomware

Protecting devices against malware and ransomware is crucial in today's digital landscape. Here's a comprehensive guide outlining various measures users can take to safeguard their devices effectively:

  • Install Reputable Security Software: Begin by installing reliable anti-malware software on all devices. Choose a reputable provider that offers real-time scanning, automatic updates and comprehensive malware detection capabilities.
  • Keep Software Updated: Regularly update operating systems, applications, and software to patch security vulnerabilities. Enable automatic updates whenever possible to ensure devices are protected against the latest threats.
  • Exercise Caution with Email: Be cautious when interacting with email attachments and links, especially those from unknown or suspicious sources. Avoid clicking links or downloading attachments in unsolicited emails, as they may contain malware or lead to phishing pages.
  • Utilize Firewall Protection: Activate firewalls on devices to monitor and control incoming and outgoing network traffic. Firewalls act as a barrier against unauthorized access attempts and help block harmful activity.
  • Implement Strong Passwords: Create strong, unique passwords for all accounts and devices. Use a combination of lowercase and uppercase letters, special characters and numbers. Consider using a password manager to store and manage passwords securely.
  • Enable Two-Factor Authentication (2FA): Enhance account security by enabling Two-Factor Authentication (2FA) wherever possible. 2FA requires users to provide a second form of verification, such as a code sent to their mobile device, before accessing an account.
  • Regularly Back Up Data: Implement a regular backup strategy to protect vital data from ransomware attacks. Back up data to an external hard drive, cloud storage service or network-attached storage (NAS) device. Ensure backups are performed regularly and stored securely.
  • Educate Users: Educate yourself and others about well-known cybersecurity threats and how to stay secure online. Train employees, family members, and friends to recognize phishing attempts, suspicious websites and other potential risks.
  • Limit User Privileges: Restrict user privileges on devices to minimize the impact of malware infections. Avoid using administrator accounts for everyday tasks and only grant administrative privileges to trusted users when necessary.
  • Stay Informed: Keep up with the latest cybersecurity threats and trends by following reputable sources of information. Keep abreast of emerging malware and ransomware variants, security updates, and best practices for protecting devices.

By implementing these comprehensive measures, users can minimize the risk of malware and ransomware infections on their devices and protect their valuable data from being compromised.

The full text of the ransom note created by the IRIS Ransomware is:

'HACKED BY IRIS!!!!!!!!!!!

Hello!

First off, this is not personal, its just businuss

All of your files have been encrypted!

Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.

What can I do to get my files back?

You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer.The price for the software is $350. Payment can be made in Monero only.

What happens if i don't pay?

You may think of just reseting your pc… We have all of your files, your addresses, passwords, emails, credit cards, search history, wifi logs, plus we literally everything that is on your computer. If you are connected to a wifi network we now also have all the files from those devices also.

How do I buy Monero/XMR?

Look up a youtube video on how to buy the coin, or visit localmonero.co to buy from a seller.

Payment Type: Monero/Xmr Coin

Amount: $350 USD In Monero/XMR

Monero/XMR address to send to:
45R284b7KTQaeM5t8A2fv617CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHVjoppdY24gvV17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV

If you have any questions or issues contact: iriswaresupport@proton.me

HACKED BY IRIS (THE ONE AND ONLY)'
