GREEDYFATHER Ransomware

One of the latest additions to the nefarious trend of ransomware threats is the GREEDYFATHER Ransomware, a potent strain that encrypts files and demands a ransom for their release. GREEDYFATHER operates with a degree of sophistication that is characteristic of modern ransomware. Once a system is compromised, the malware encrypts the victim's files, rendering them inaccessible. Notably, the encrypted files are marked with the distinctive ".GREEDYFATHER" file extension, serving as a grim reminder of the attack.

The Ransom Message and Contact Information

To ensure that the victim is well aware of the situation, GREEDYFATHER leaves a ransom message in the form of a text file named "GREEDYFATHER.txt". This file provides instructions on how to contact the perpetrators and the terms for the release of the encrypted files.

Contacting the attackers is facilitated through various channels, underscoring the calculated and business-like nature of these cybercriminals. The following contact methods are provided:

  1. Tox Chat: The ransomware operators are accessible through the Tox chat platform, demonstrating their adaptability to emerging communication technologies.
  2. Email: Victims can communicate with the attackers by reaching out to greedyfather@onionmail.org. The use of an OnionMail address adds an extra layer of anonymity for the attackers, making it challenging for law enforcement to trace their identity.
  3. Instant Messaging (ICQ): @GREEDYFATHER on ICQ provides another avenue for victims to establish communication with the attackers. ICQ has been a favored platform for cybercriminals due to its relative anonymity and simplicity of use.
  4. Skype: GREEDYFATHER has a Skype account named "GREEDYFATHER Decryption," offering victims yet another option to negotiate the terms of ransom.

The Cryptocurrency Conundrum

As is customary with ransomware attacks, GREEDYFATHER demands payment in cryptocurrency, typically Bitcoin or other untraceable forms of digital currency. The use of cryptocurrency enables the attackers to maintain a level of anonymity, making it difficult for authorities to track and apprehend them.

The GREEDYFATHER Ransomware represents a new and potent threat in the ever-expanding realm of cybercrime. Its ability to encrypt files, leaving victims with limited options, underscores the need for robust cybersecurity measures. Prevention, through the implementation of effective security protocols, remains the best defense against such harmful attacks. 

The ransom message presented to the GREEDYFATHER Ransomware victims reads:

'GREEDYFATHER Ransomware
ATTENTION!
YOUR PERSONAL DECRYPTION ID - -
At the moment, your system is not protected.
We can fix it and restore your files.
To get started, send 1-2 small files to decrypt them as proof
You can trust us after opening them
2.Do not use free programs to unlock.
OUR CONTACTS:
1) TOX messenger (fast and anonymous)
hxxps://tox.chat/download.html
Install qtox
Press sign up
Create your own name
Press plus
Put there our tox ID:
E9164A982410EFAEBC451C1D5629A2CBB75DBB6BCDBD6D2BA94F4D0A7B0B616F911496E469FB
And add me/write message
2)ICQ - @GREEDYFATHER
3)SKYPE - GREEDYFATHER Decryption
Also we have a temporary mail,pls use it only if neccesary
greedyfather@onionmail.org'
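
The two host artifacts described above, the ".GREEDYFATHER" extension and the "GREEDYFATHER.txt" note, are enough to scope an incident on a suspect volume. The following is an added example, not code from the original article: the `triage` function and its report keys are hypothetical names, and it assumes file modification times were not altered after encryption.

```python
import os
from datetime import datetime, timezone

ENC_EXT = ".greedyfather"       # extension named in the article, matched case-insensitively
NOTE_NAME = "greedyfather.txt"  # ransom note file name named in the article


def triage(root):
    """Walk root and summarise GREEDYFATHER artifacts for incident scoping."""
    report = {"encrypted": [], "notes": [], "unreadable": [], "by_dir": {}}
    mtimes = []

    def on_error(err):
        # Record directories the scan could not enter instead of aborting.
        report["unreadable"].append(err.filename)

    # os.walk does not follow symlinked directories by default, so the scan
    # cannot loop or wander off the volume being examined.
    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                report["notes"].append(path)
            elif lower.endswith(ENC_EXT):
                report["encrypted"].append(path)
                report["by_dir"][dirpath] = report["by_dir"].get(dirpath, 0) + 1
                try:
                    mtimes.append(os.lstat(path).st_mtime)
                except OSError:
                    report["unreadable"].append(path)

    # Assumption: untouched mtimes of encrypted files bound the encryption window.
    if mtimes:
        report["window_start"] = datetime.fromtimestamp(min(mtimes), timezone.utc)
        report["window_end"] = datetime.fromtimestamp(max(mtimes), timezone.utc)
    return report


if __name__ == "__main__":
    import sys
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(result['encrypted'])} encrypted files, {len(result['notes'])} ransom notes")
    for directory, count in sorted(result["by_dir"].items(), key=lambda kv: -kv[1]):
        print(f"{count:6d}  {directory}")
    if "window_start" in result:
        print("encryption window (UTC):", result["window_start"], "to", result["window_end"])
```

Run it read-only against a mounted image or backup snapshot rather than the live system, and compare the reported window with authentication and process logs when building the incident timeline.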
