FANDOM


Afrodita is a ransomware that runs on Microsoft Windows. It was discovered by S!Ri. It is part of the LockerGoga family. It is aimed at English-speaking users.

Payload

Transmission

Afrodita is distributed through spam campaigns (emails). They send malicious MS Excel documents that are designed to install this ransomware. However, in order for that document to be able to install Afrodita it is required to give it a permission to enable macros commands/editing. Once it is done, this document starts installation of Afrodita.

It can also be distributed by hacking through an insecure RDP configuration, using deceptive downloads, botnets, exploits, malicious ads, web injects, fake updates, repackaged and infected installers.

Infection

It encrypts data with AES-256 and RSA-2048 encryption algorithms. Also, it creates a ransom note, the "__README_RECOVERY_.txt" text file which contains instructions on how to contact cyber criminals for information on how to pay a ransom (buy a decryption tool and key).

In order to prove that developers of Afrodita ransomware can help victims to decrypt their files they offer free decryption of one file. Victims can send it to them through Telegram (hxxps://t.me/RecoverySupport) and afroditateam@tutanota.com, or afroditasupport@mail2tor.com email address. Cyber criminals behind this ransomware claim that to be able to recover the rest of encrypted files victims have to pay a ransom and wait for a decryption tool and/or key. According to them, it is the only way to get the files back. Unfortunately, that is true. Like many programs of this type, Afrodita encrypts files with a strong encryption algorithms that are impossible to 'crack'. In other words, the only way to decrypt files is by using the right decryption tool and/or key that only developers of this ransomware have. They claim that they can be trusted and it is not in their interest not do send decryption tools after a payment. The ransom note says the following:

Vegasfest56 (talk) Greetings Vegasfest56 (talk)

[+] What has happened? [+]

Your files are encrypted, and currently unavailable. You are free to check.
Every file is recoverable by following our instructions below.

Encryption algorithms used: AES256(CBC) + RSA2048 (military/government grade).

[+] Guarantees? [+]

This is our daily job. We are not here to lie to you - as you are 1 of 10000's.
Our only interest is in us getting payed and you getting your files back.

If we were not able to decrypt the data, other people in same situation as you
wouldn't trust us and that would be bad for our buissness --
So it's not in our interest.

To prove our ability to decrypt your data you have 1 file free decryption.

If you don't want to pay the fee for bringing files back that's okey,
but remeber that you will lose a lot of time - and time is money.

Don't waste your time and money trying to recover files using some file
recovery "experts", we have your private key - only we can get the files back.

With our service you can go back to original state in less then 30 minutes.

[+] Service [+]

If you decided to use our service please follow instructions below.

Contact us:

Install Telegram(available for Windows,Android,iOS) and contact us on chat:
Telegram contact: https://t.me/RecoverySupport

Also available at email afroditateam@tutanota.com cc: afroditasupport@mail2tor.com

Make sure you are talking with us and not impostor by requiring free 1 file decryption 
to make sure we CAN decrypt!!
Community content is available under CC-BY-SA unless otherwise noted.