{"id":18222,"date":"2022-02-08T07:10:13","date_gmt":"2022-02-08T15:10:13","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/02\/08\/news-11955\/"},"modified":"2022-02-08T07:10:13","modified_gmt":"2022-02-08T15:10:13","slug":"news-11955","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/02\/08\/news-11955\/","title":{"rendered":"“We absolutely do not care about you”: Sugar ransomware targets individuals"},"content":{"rendered":"

Credit to Author: Jovi Umawing| Date: Tue, 08 Feb 2022 14:04:51 +0000<\/strong><\/p>\n

Ransomware tends to target organizations. Corporations not only house a trove of valuable data they can’t function without, but they are also expected to cough up a considerable amount of ransom money in exchange for their encrypted files. And while corporations struggle to keep up with attacks, ransomware groups have left the average consumer relatively untouched\u2014until now.<\/p>\n

Sugar ransomware, a new strain recently discovered by the Walmart Security Team<\/a>, is a ransomware-as-a-service (RaaS) <\/a>that targets single computers and (likely) small businesses, too. Sugar, also known to many as Encoded01, has been in operation since November 2021.<\/p>\n

Bleeping Computer notes<\/a> that the Walmart Security Team got the name ‘Sugar’ from a site belonging to an affiliate of the ransomware operation: sugarpanel.space<\/code>.<\/p>\n

As with many ransomware strains, the authors aren’t holding back in their note which is dropped onto the system as BackFiles_encoded01.txt:<\/code><\/p>\n

Whats Happen? [+]  Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension .encoded01. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).  [+] What guarantees? [+]  Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our] work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt 1-5 files for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.  [+] How to get access on website? [+] You can open our site by the shortcut \"SUPPORT (TOR_BROWSER)\" created on the desktop. Also as the second option you can install the tor browser: a) Download and install TOR browser from this site: https:\/\/torproject.org\/ b) Open our website. Full link will be provided below.  ---------------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions- ints may entail damge of the private key and, as result, THE Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interest to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!! ---------------------------------------------------------------------------------------------- Your ID:  {redacted} <\/pre>\n
How it works<\/h2>\n
Once executed, Sugar connects to two URLs, whatismyipaddress.com<\/em> and ip2location.com<\/em>, to identify the device’s IP address and geographic location. It then downloads a 76MB file, the use of which is currently unclear.<\/p>\n
Sugar then connects to its command & control (C2)<\/a> server where it transmits and receives data related to its attack. It then encrypts files located in the below folders:<\/p>\n