SWIFT Ransomware Locks Infected Systems

While analyzing new malware samples, we identified a ransomware variant associated with the Proton family, named SWIFT. Once it is running on a computer, SWIFT encrypts files and renames them, changes the desktop wallpaper, and drops a ransom note named "#SWIFT-Help.txt."

To rename files, SWIFT appends the attackers' contact address in square brackets followed by the ".SWIFT" extension. For instance, "1.jpg" becomes "1.jpg.[swift_1@tutamail.com].SWIFT" and "2.png" becomes "2.png.[swift_1@tutamail.com].SWIFT". The original name and extension are preserved in front of the appended suffix, so the pre-encryption filename can be read back from the renamed file, and the suffix together with the note filename gives a simple indicator to hunt for across file shares.
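The following is an added example, not code from the original article or from the malware: a small triage helper that applies the two indicators named above (the bracketed address plus ".SWIFT" suffix, and the "#SWIFT-Help.txt" note) to a directory listing, separates encrypted files from ransom notes and untouched files, and recovers the pre-encryption filename from the suffix. The sample listing is constructed for the example; the match is case-insensitive as an assumption, since Windows filesystems do not distinguish case.

```python
import re
from typing import Dict, List, Optional, Tuple

# Indicators taken from the article: renamed files carry the bracketed
# contact address followed by ".SWIFT", and the note is "#SWIFT-Help.txt".
RANSOM_NOTE_NAME = "#SWIFT-Help.txt"
SWIFT_SUFFIX_RE = re.compile(
    r"^(?P<original>.+)\.\[swift_1@tutamail\.com\]\.SWIFT$",
    re.IGNORECASE,  # assumption: case-insensitive filesystem on the victim host
)


def original_name(filename: str) -> Optional[str]:
    """Return the pre-encryption filename if `filename` carries the SWIFT suffix, else None."""
    m = SWIFT_SUFFIX_RE.match(filename)
    return m.group("original") if m else None


def is_ransom_note(filename: str) -> bool:
    """True if the final path component is the SWIFT ransom note."""
    return filename == RANSOM_NOTE_NAME


def triage(paths: List[str]) -> Tuple[Dict[str, str], List[str], List[str]]:
    """Split a listing into (encrypted -> recovered original path, ransom notes, untouched).

    Paths are plain strings; both '/' and '\\' separators are accepted and only the
    final component is inspected, so the function works on exported share listings.
    """
    encrypted: Dict[str, str] = {}
    notes: List[str] = []
    untouched: List[str] = []
    for p in paths:
        basename = re.split(r"[\\/]", p)[-1]
        orig = original_name(basename)
        if orig is not None:
            # Keep the directory part, swap the basename back to the original.
            encrypted[p] = p[: len(p) - len(basename)] + orig
        elif is_ransom_note(basename):
            notes.append(p)
        else:
            untouched.append(p)
    return encrypted, notes, untouched


# Constructed sample listing (not from a real infection): the two renames the
# article gives, one ransom note, one unaffected file, and one file whose bare
# ".SWIFT" extension lacks the address and therefore must not be flagged.
SAMPLE_LISTING = [
    "/srv/share/1.jpg.[swift_1@tutamail.com].SWIFT",
    "/srv/share/2.png.[swift_1@tutamail.com].SWIFT",
    "/srv/share/#SWIFT-Help.txt",
    "/srv/share/report.docx",
    "/srv/share/archive.SWIFT",
]

if __name__ == "__main__":
    enc, notes, untouched = triage(SAMPLE_LISTING)
    print(f"{len(enc)} encrypted, {len(notes)} ransom notes, {len(untouched)} untouched")
    for path, orig in enc.items():
        print(f"  {path} -> {orig}")
```

Run it against a listing produced by `find` or `dir /s /b` redirected to a file to get a per-share count of affected files and the list of original names for restore planning. The bare ".SWIFT" case is deliberately excluded so that legitimate Swift source files are not reported.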

The ransom note opens by describing the situation: the attackers claim to have used AES and ECC to encrypt the victim's files and to have stolen them, so that recovery is impossible without their decryption service. If a hybrid scheme of that kind is actually implemented correctly, the per-file AES keys can only be recovered with the attackers' ECC private key, which is what makes offline decryption infeasible; the note itself offers no way to verify the claim.

The note then describes the recovery steps, stressing that the group is financially motivated and offering decryption software plus deletion of the stolen data in exchange for payment. As proof that decryption works, the group offers to decrypt one unimportant file under 1 MB. Neither the deletion of stolen data nor the delivery of a working decryptor for the remaining files can be verified before payment.

Contact details are provided: the email address swift_1@tutamail.com and the Telegram ID @swift_support, with an alternative email address, swift@onionmail.com, to be used if there is no response within 24 hours. The victim is instructed to include their personal ID in the email subject.

Finally, the note warns against involving recovery companies, describing them as middlemen who profit from the victim. It also warns the victim not to delay payment and not to delete or modify encrypted files, since doing so would complicate decryption.

SWIFT Ransom Note in Full

The complete text of the SWIFT ransom note reads as follows:

SWIFT
What happened?
We encrypted and stolen all of your files.
We use AES and ECC algorithms.
Nobody can recover your files without our decryption service.

How to recover?
We are not a politically motivated group and we want nothing more than money.
If you pay, we will provide you with decryption software and destroy the stolen data.

What guarantees?
You can send us an unimportant file less than 1 MG, We decrypt it as guarantee.
If we do not send you the decryption software or delete stolen data, no one will pay us in future so we will keep our promise.

How to contact us?
Our email address: swift_1@tutamail.com
Our Telegram ID: @swift_support
In case of no answer within 24 hours, contact to this email: swift@onionmail.com
Write your personal ID in the subject of the email.

Your personal ID: -

Warnings!

Do not go to recovery companies, they are just middlemen who will make money off you and cheat you.
They secretly negotiate with us, buy decryption software and will sell it to you many times more expensive or they will simply scam you.

Do not hesitate for a long time. The faster you pay, the lower the price.

Do not delete or modify encrypted files, it will lead to problems with decryption of files.

How Can You Safeguard Your Data from Ransomware?

Protecting data from ransomware requires a proactive, multi-layered approach; no single control below is sufficient on its own. Key steps:

Backup Regularly:
Back up important data regularly and keep at least one copy offline or in storage that systems on the production network cannot overwrite. Ransomware running under a user's account will also encrypt any backup that account can write to, so a mapped backup drive is not protection. Test restores periodically so you know the backups actually work before you need them.

Use Reliable Security Software:
Install reputable antivirus or endpoint protection and keep its engine and signatures updated. It can detect and block known ransomware families, but it will not reliably catch new variants, which is why the remaining layers matter.

Keep Software Updated:
Patch the operating system, applications, and exposed services (remote access software in particular) promptly. Updates close the vulnerabilities that ransomware operators use to gain initial access and to move between machines.

Educate and Train Employees:
Train employees to recognize phishing emails, suspicious links, and unexpected attachments, and give them a simple way to report them. Human error remains a common entry point for ransomware.

Use Email Security Measures:
Use email filtering to block phishing messages and malicious attachments before they reach users, and treat links and attachments from unknown or unexpected senders with caution even when the filter lets them through.

Limit User Privileges:
Grant users only the access their role requires. Ransomware can only encrypt what the compromised account can write to, so restricting write access to shares and avoiding day-to-day use of administrative accounts directly limits the damage a single infection can do.

Network Segmentation:
Segment the network so that critical systems, backups, and sensitive data are not reachable from ordinary workstations. Segmentation slows or stops the spread of ransomware from one infected machine to the rest of the environment.

February 20, 2024