With continuous progress in the domain of cryptovirology, ransomware operators are trying new ways and methods to carry out successful exploits. For instance, many cryptovirological developers are focusing on certain geographical territories to carry out their shenanigans. One recent ransomware discovery has identified a strain that might have been developed along the same lines, i.e. to target users in a certain region or country. This cryptovirological strain goes by the name SOLO and was devised to target German users. However, that doesn’t mean people in other parts of the world can’t be affected by SOLO ransomware. Like any cyber threat, every ransomware code is a global hazard, and the same holds for this strain. Like most cryptovirological strains, SOLO uses an AES encryption module to lock down the files on the affected device. And as the name suggests, the extension ‘SOLO’ is appended to the encrypted files.
Ransom note or a guide for buying Bitcoins?
It looks as if the operators of SOLO ransomware have put an entire Bitcoin purchase guide into the ransom note. They thoroughly guide the affected users through different avenues for buying Bitcoins to pay them extortion money for ransomware removal. They even suggest that targeted users Google the phrase ‘buying Bitcoins’.
In addition, they make an extortion demand of 0.2 Bitcoins for providing a decrypter for ransomware removal. This amount roughly converts to $1300 as per today’s exchange rates. SOLO operators also warn targeted users to abstain from attempting ransomware removal on their own because it can lead to permanent loss of the encrypted data.
Like HiddenBear, the operators of SOLO ransomware do not provide a sample decryption to prove that they have a complete solution to unlock all the affected data. Researchers are still trying to find the distribution method used by the attackers.