Braincrypt Ransomware
released on 2017-03-15 @ 10:56:24 AM
This ransomware encrypts files and uses .braincrypt as the file name extension for encrypted files.
It leaves a ransom note with the following filename:
!!! how to decrypt files !!!.txt
The ransom note contains the following text:
YOUR FILES WERE ENCRYPTED.
TO DECRYPT FILES, PLEASE, CONTACT US WRITING ON THIS EMAIL: headlessbuild@india.com
YOUR PERSONAL ID: <Personal ID of your computer, for example: 4df7065b1d049d098526344faaabf3f8>
This ransomware is developed using the Go programming language.
It connects to a certain URL, likely controlled by the attacker, using a specific Go user-agent:
URL: hxxp:// alex-luthor. myjino .ru/ htdocs/gateway/gate.php?uuid=<Personal ID of your computer, for example: 4df7065b1d049d098526344faaabf3f8>
User-agent: Go-http-client/1.1
The ransomware presumably makes this connection to report that your computer has been compromised. However, the URL was inaccessible during analysis.
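The network indicators above can be turned into a proxy-log check. The following is an added example, not part of the original write-up: the log layout, function names and sample lines are assumptions, and the host and path are taken from the defanged URL above with its spaces removed. It flags any request to the reported host, and separately flags the same gate.php?uuid=<32 hex characters> pattern with the Go user-agent on any other host, because Go-http-client/1.1 is the default user-agent of Go's standard HTTP client and is too common to alert on alone.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Indicators from the write-up above; the host is kept defanged in source.
C2_HOST = "alex-luthor[.]myjino[.]ru".replace("[.]", ".")
C2_PATH = "/htdocs/gateway/gate.php"
GO_UA = "Go-http-client/1.1"
PERSONAL_ID = re.compile(r"[0-9a-f]{32}")  # shape of the example ID in the note

# Assumed log layout (not from the page): ts src_ip method url "user-agent"
LOG_LINE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')

def classify(url, user_agent):
    """Return (verdict, personal_id); verdict is 'beacon', 'suspect' or None."""
    parts = urlsplit(url)
    uuid = parse_qs(parts.query).get("uuid", [""])[0].lower()
    pid = uuid if PERSONAL_ID.fullmatch(uuid) else None
    if parts.hostname == C2_HOST:
        return "beacon", pid       # any request to the reported host
    if parts.path.lower() == C2_PATH and pid and user_agent == GO_UA:
        return "suspect", pid      # same gate pattern served from another host
    return None, None              # the Go user-agent alone is not a signal

def scan(lines):
    """Return [(verdict, src_ip, personal_id)] for matching log lines."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue               # line does not fit the assumed layout
        _ts, src, _method, url, ua = m.groups()
        verdict, pid = classify(url, ua)
        if verdict:
            hits.append((verdict, src, pid))
    return hits

# Constructed sample traffic (not real logs).
ID = "4df7065b1d049d098526344faaabf3f8"  # example ID quoted in the write-up
SAMPLE = [
    f'2017-03-20T09:01:02Z 10.0.0.23 GET http://{C2_HOST}{C2_PATH}?uuid={ID} "{GO_UA}"',
    f'2017-03-20T09:01:05Z 10.0.0.40 GET http://example.org/api/v1/status "{GO_UA}"',
    f'2017-03-20T09:02:11Z 10.0.0.51 GET http://files.example.net{C2_PATH}?uuid={"ab" * 16} "{GO_UA}"',
    '2017-03-20T09:03:00Z 10.0.0.60 GET http://example.com/index.html "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The personal ID recovered from a hit can be compared with the ID in the ransom note on a suspected machine to tie the network event to that host.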