Aurora Ransomware
Aurora, also known as Animus and OneKeyLocker, is ransomware that was first observed at the end of May 2018.
Like other ransomware, Aurora is distributed via malicious spam email attachments. When a user executes Aurora, it encrypts their files and appends either the .Aurora or the .desu extension to them. Files may also be renamed to the hexadecimal code of the original filename.
A text file containing a ransom note demanding payment in Bitcoin is saved to the user’s desktop. At the time of publication, there is no publicly available tool to decrypt affected files.
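The file-naming behaviour described above can be used to triage a file listing during incident response. The following is an added example, not part of the original advisory: it flags paths carrying either extension and, where the name looks hex-encoded, recovers the original filename. It assumes the "hexadecimal code" is the hex encoding of the name's UTF-8 bytes, which the advisory does not specify; the sample paths are constructed.

```python
import re
from pathlib import PureWindowsPath

# Extensions named in the advisory, compared case-insensitively.
AURORA_EXTENSIONS = {".aurora", ".desu"}
HEX_STEM = re.compile(r"(?:[0-9A-Fa-f]{2})+")

# Constructed sample listing (not real incident data).
SAMPLE_PATHS = [
    "C:/Users/alice/Documents/7265706f72742e646f6378.Aurora",
    "C:/Users/alice/Documents/budget.xlsx.desu",
    "C:/Users/alice/Documents/cafe.aurora",
    "C:/Users/alice/Documents/notes.txt",
]


def decode_hex_stem(stem):
    """Return the original filename if stem is hex-encoded text, else None.

    Assumption: the rename is the hex encoding of the name's UTF-8 bytes.
    """
    if not HEX_STEM.fullmatch(stem):
        return None
    try:
        name = bytes.fromhex(stem).decode("utf-8")
    except UnicodeDecodeError:
        # Hex digits that do not decode to text, e.g. a name like "cafe".
        return None
    return name if name.isprintable() else None


def triage(paths):
    """Return one finding per path that carries an Aurora extension."""
    findings = []
    for raw in paths:
        path = PureWindowsPath(raw)  # accepts both / and \ separators
        if path.suffix.lower() not in AURORA_EXTENSIONS:
            continue
        findings.append({
            "path": raw,
            "extension": path.suffix,
            "original_name": decode_hex_stem(path.stem),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_PATHS):
        print(finding)
```

A finding with `original_name` set to `None` still carries a flagged extension; it only means the name was not hex-renamed under the stated assumption.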
Indicators of Compromise
File hashes (SHA-256):
- 41d35a960b3f28b1a729cdae920573de3ccefef7fdd3bbdb9d3ce729b6aa5277
File hashes (MD5):
- 31d65e315115c823f619a381576984f8
- 110018a135211a57eaa946b9f2ffc7e9
Domain:
- lulaaura[.]top

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.