AllCiphered is a variant of the notorious MedusaLocker ransomware family, a type of crypto-malware that encrypts files on infected systems and demands a ransom for their decryption. Discovered on the VirusTotal platform, this ransomware employs a sophisticated encryption mechanism, using both RSA and AES cryptographic algorithms. Once executed, it locks valuable files and appends the .allciphered70 extension to them, making them completely inaccessible to the victim without the decryption key.
Download SpyHunter Now & Scan Your Computer For Free!
Remove this and any other malicious threats to your system by scanning your computer with SpyHunter now! It’s FREE!
The ransomware’s primary objective is financial gain, and it achieves this by locking files and demanding payment (often in cryptocurrencies like Bitcoin) in exchange for the decryption key. Additionally, the attackers often threaten to leak stolen data if the ransom is not paid, adding an extra layer of pressure on the victims.
Key Features of AllCiphered Ransomware
- File Encryption: AllCiphered encrypts files on the infected system, appending a specific extension, usually .allciphered70 (the number may vary).
- Ransom Note: A ransom-demanding message is placed in an HTML file called How_to_back_files.html, which contains instructions and contact information for the attackers.
- Cryptographic Algorithms: The ransomware uses RSA and AES algorithms for encryption, which are extremely difficult to crack without the proper key.
- Exfiltration of Data: Besides encrypting files, the malware also exfiltrates sensitive or confidential data. The attackers threaten to release this stolen data or sell it if the ransom is not paid.
- Ransom Demand: The ransom note demands payment in cryptocurrency, warning victims that the ransom price will increase if they fail to contact the attackers within 72 hours.
Ransom Note: A Detailed Look
The ransom note placed by AllCiphered is a straightforward message that informs the victim of the breach and encryption. The message includes several key components:
- Personalized ID: Each victim is assigned a unique identifier.
- Encryption Information: The ransomware claims to have encrypted the files using a combination of RSA and AES encryption and warns that attempts to decrypt files using third-party software will result in permanent corruption.
- Exfiltrated Data Threat: The attackers assert that they have stolen confidential data, which will be released or sold unless the ransom is paid.
- Decryption Test: Victims are offered a chance to send a few files for free decryption as proof that the attackers can restore the files.
- Contact Information: The attackers provide email addresses (help@jexu.org and help@aminyx.com) for communication, advising victims to use ProtonMail for privacy.
Text presented in the ransom note:
YOUR PERSONAL ID:
-
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!
Your files are safe! Only modified. (RSA+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
No software available on internet can help you. We are the only ones able to
solve your problem.
We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..
We only seek money and our goal is not to damage your reputation or prevent
your business from running.
You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.
Contact us for price and get decryption software.
email:
help@jexu.org
help@aminyx.com
* To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
How to Remove AllCiphered Ransomware
Download SpyHunter Now & Scan Your Computer For Free!
Remove this and any other malicious threats to your system by scanning your computer with SpyHunter now! It's FREE!
If your system has been infected by AllCiphered ransomware, immediate action is required to contain the damage and prevent further encryption. Follow these steps to remove the ransomware:
- Disconnect from the Internet: Immediately disconnect your device from the internet to prevent the ransomware from spreading or communicating with its command-and-control servers.
- Boot into Safe Mode: Restart your computer in Safe Mode with Networking to prevent the ransomware from running and to facilitate easier removal.
- For Windows 10/11, press Shift + Restart to access Advanced Startup Options, then select Troubleshoot > Advanced options > Startup Settings > Restart, and choose Safe Mode with Networking.
- Use Anti-Malware Software: To effectively remove AllCiphered ransomware, use a reputable anti-malware tool like SpyHunter. It will scan your system for ransomware traces and other malicious files and remove them.
- Download and install SpyHunter if you haven't already.
- Run a full system scan to detect and remove AllCiphered ransomware and its associated files.
- Restore from Backup: Once the ransomware is removed, if you have a clean backup stored in an offline location, restore your files from there. Ensure that no infected files are included in the restore process.
- Check for Data Breaches: Given the threat of stolen data, monitor your sensitive accounts and consider contacting a data breach monitoring service.
Preventive Measures
Ransomware attacks like AllCiphered are often preventable with the right precautions. To avoid future infections:
- Update Your Software: Regularly update your operating system, software, and applications to patch security vulnerabilities that could be exploited by ransomware.
- Use a Reputable Antivirus Program: Install and maintain an up-to-date antivirus or anti-malware program like SpyHunter to detect and block ransomware before it can encrypt your files.
- Avoid Suspicious Links and Attachments: Be cautious of emails or messages from unknown sources. Do not open attachments or click on links unless you are certain of their legitimacy.
- Back Up Your Data: Regularly back up your files to external drives or cloud storage. Ensure backups are stored offline to prevent ransomware from encrypting them.
- Educate Users: If you manage a company or organization, train employees to recognize phishing emails and avoid unsafe downloads or suspicious websites.
- Network Security: Implement strong network security practices, such as using firewalls, VPNs, and segmenting sensitive data to reduce the risk of network-wide infections.
Conclusion
The AllCiphered ransomware is a dangerous malware threat that can cause significant harm by encrypting files and stealing sensitive data. Victims are often pressured into paying a ransom to regain access to their files, but paying the ransom is never recommended, as it does not guarantee the return of your data and funds the criminals’ activities.
By using SpyHunter and following the preventive measures outlined above, you can protect yourself from ransomware attacks and minimize the damage caused by AllCiphered and other similar threats.
