
Cybercrime: AgeLocker, a new ransomware that exploits “Age”


Bleeping Computer: Cybercrime is spreading AgeLocker, a new ransomware. The malware uses the ‘Age’ encryption tool, instead of common algorithms such as AES+RSA, to encrypt victims’ files

AgeLocker is a new ransomware that uses the ‘Age’ encryption tool to encrypt victims’ files. It has been reported by Bleeping Computer cyber security experts. A consultant created a topic in the media forums about a new malware used in an attack against their client. After examining the encrypted files, it was discovered that a text header starting with the URL “age-encryption.org” had been added to each file. The URL leads to a GitHub repository for an encryption utility called ‘Age’, created by Filippo Valsorda, cryptographer and Go security lead at Google. According to the Age manual, the utility was designed as a replacement for GPG to encrypt “files, backups, and streams.” The researcher Michael Gillespie explained that Age uses the X25519 (an ECDH curve), ChaCha20-Poly1305, and HMAC-SHA256 algorithms, which makes it a very secure method to encrypt a file.
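The text header described above gives responders a simple triage check. The following Python sketch is an added example, not code from Bleeping Computer or the Age project: it walks a directory and flags files whose first bytes are the “age-encryption.org” header, then lists the recipient stanza types. The `/v1` version line and the `-> TYPE` / `---` layout follow the published age file format; the 4 KiB read limit, the sample file names and the sample file contents are constructed assumptions.

```python
import os
import tempfile

AGE_MAGIC = b"age-encryption.org/"   # header prefix reported on the page
MAX_HEADER = 4096                     # assumption: header fits in the first 4 KiB

def parse_age_header(data: bytes):
    """Return (version, [recipient stanza types]) or None if not an age file."""
    if not data.startswith(AGE_MAGIC):
        return None
    lines = data[:MAX_HEADER].split(b"\n")
    version = lines[0][len(AGE_MAGIC):].decode("ascii", "replace")
    stanza_types = []
    for line in lines[1:]:
        if line.startswith(b"-> "):
            # Recipient stanza: "-> TYPE arg...", e.g. X25519
            stanza_types.append(line[3:].split(b" ")[0].decode("ascii", "replace"))
        elif line.startswith(b"---"):
            break   # MAC line ends the textual header; binary payload follows
    return version, stanza_types

def scan_tree(root):
    """Walk root and return {path: (version, stanza_types)} for age-format files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    parsed = parse_age_header(fh.read(MAX_HEADER))
            except OSError:
                continue   # unreadable file: skip it and keep scanning
            if parsed:
                hits[path] = parsed
    return hits

def build_sample_tree():
    """Constructed sample data: one fake age-format file and one plain file."""
    root = tempfile.mkdtemp()
    fake = (b"age-encryption.org/v1\n"
            b"-> X25519 Q09OU1RSVUNURUQtU0FNUExF\n"
            b"Q09OU1RSVUNURUQtV1JBUFBFRC1LRVk\n"
            b"--- Q09OU1RSVUNURUQtTUFD\n"
            b"\x00\x01\x02 constructed payload bytes")
    with open(os.path.join(root, "report.docx.abc"), "wb") as fh:
        fh.write(fake)
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("plain text, not encrypted\n")
    return root

if __name__ == "__main__":
    for path, (ver, kinds) in scan_tree(build_sample_tree()).items():
        print(path, ver, kinds)
```

A hit only shows that a file is in age format; legitimate backups encrypted with the same tool will match too, so results need to be correlated with unexpected extensions and modification times.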

The cybercrime actors send the ransom note via email to the victim, asking for 7 bitcoins to decrypt the files

According to the cyber security experts, it is not known how the cybercrime actors gain access to victims’ computers. But once they have access to the system, they use the Age tool to encrypt the victim’s files. While encrypting data, a custom extension created with the victim’s initials is appended to each encrypted filename. In a first for ransomware infections, instead of creating ransom notes, the AgeLocker attackers emailed the ransom demand to the victim with the subject line “[company name] security audit.” The note listed the devices encrypted by the malware and instructions on how to get payment information. According to the victim, the threat actors are asking for 7 bitcoins, or approximately $64,500, to decrypt the files. Unfortunately, at the moment it’s not possible to recover files for free.
