Ololo Ransomware: Another Member From the MedusaLocker Family
What is Ololo Ransomware?
Ololo Ransomware is a strain of malicious software that belongs to the MedusaLocker ransomware family, a family known for aggressively encrypting victims' files and demanding ransom payments in exchange for restoring access. Once running, Ololo encrypts a wide range of file types and marks each one by appending ".ololo" to its name. For example, "photo.jpg" becomes "photo.jpg.ololo": the original extension stays visible, but the contents are unusable until decrypted.
In addition to encrypting files, Ololo drops a ransom note named RETURN_DATA.html into affected directories. The note states that files were encrypted with a combination of RSA and AES. That is the usual hybrid scheme: files are encrypted with AES, and the AES key is in turn encrypted with the attackers' RSA public key, so recovery without their RSA private key is not feasible. The note also warns that using third-party recovery tools or renaming encrypted files can cause permanent data loss.
What Ransomware Programs Do
Ransomware, like Ololo, is a form of malware designed to extort money from victims. It works by encrypting personal or business data, making it inaccessible. Once the damage is done, the ransomware shows a message demanding a ransom in exchange for the decryption key. Failure to comply often comes with threats—data deletion, public release of stolen files, or a rising ransom fee over time.
Ransomware can be devastating for individuals and organizations alike. In Ololo's case, the attackers go a step further, claiming to have exfiltrated confidential data to a private server. If the ransom is not paid promptly, they threaten to release or sell that information. They also promise to delete the data permanently once the ransom is paid, a common assurance that the victim has no way to verify.
The Ransom Note’s Demands and Threats
Victims are told to contact the attackers through one of two provided email addresses—chesterblonde@outlook.com or uncrypt-official@outlook.com. The note emphasizes urgency, warning that if the victim does not make contact within 72 hours, the ransom amount will increase. This time-pressure tactic is designed to coerce victims into quick decisions, often before they can consult cybersecurity experts or explore recovery options.
The attackers assert that no freely available decryption software can unlock the affected files, positioning themselves as the sole source of recovery. Unfortunately this claim is usually accurate: free decryptors appear only when a strain's encryption is implemented badly (a predictable or reused key, for example) or when security researchers or law enforcement obtain the attackers' private keys. A correctly implemented RSA-plus-AES scheme cannot be brute-forced, so any tool that promises to break the encryption outright should be treated with suspicion.
Here's what the ransom note says:
Your personal ID:
-
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!
Your files are safe! Only modified. (RSA+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
No software available on internet can help you. We are the only ones able to
solve your problem.
We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future.
We only seek money and our goal is not to damage your reputation or prevent
your business from running.
You can send us 2-3 non-important files and we will decrypt them for free
to prove we are able to give your files back.
Contact us for price and get decryption software.
email:
chesterblonde@outlook.com
uncrypt-official@outlook.com
* To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
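To turn the indicators described above into something a responder can run, here is a read-only triage script that inventories a directory tree for the two artifacts the article names (files carrying the appended ".ololo" extension and RETURN_DATA.html notes) and pulls the contact addresses out of the notes. It is an added example, not code from the article or from any security vendor. The only facts it relies on are the extension, the note name and the two e-mail addresses quoted in the note; the directory tree it scans is constructed in a temporary folder with placeholder content so the script runs offline, and the helper names (triage, looks_like_ololo, build_sample_tree) are this example's own.

```python
"""Read-only triage of a directory tree for Ololo (MedusaLocker family) artifacts.

Added example, not code from the article or any vendor tool. It assumes only
what the article states: encrypted files carry an appended ".ololo" extension
and the note is named RETURN_DATA.html. build_sample_tree() fabricates a small
victim-like tree so the script runs offline. The scan never writes to, renames
or moves any file: the note itself warns that renaming encrypted files can make
them unrecoverable, so triage must leave them exactly as found.
"""
import hashlib
import os
import re
import tempfile
from collections import Counter
from dataclasses import dataclass, field

MARKER_EXT = ".ololo"           # appended to every encrypted file (from the article)
NOTE_NAME = "RETURN_DATA.html"  # ransom note dropped per directory (from the article)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


@dataclass
class TriageReport:
    encrypted: list = field(default_factory=list)     # paths of *.ololo files
    notes: list = field(default_factory=list)         # paths of RETURN_DATA.html
    note_hashes: dict = field(default_factory=dict)   # sha256 per note, for IOC sharing
    contacts: set = field(default_factory=set)        # e-mail addresses found in notes
    original_types: Counter = field(default_factory=Counter)  # original extensions hit


def original_name(name: str) -> str:
    """Recover the pre-encryption filename: 'photo.jpg.ololo' -> 'photo.jpg'."""
    return name[:-len(MARKER_EXT)] if name.endswith(MARKER_EXT) else name


def triage(root: str) -> TriageReport:
    """Walk root and collect indicators; the only files read are the notes."""
    report = TriageReport()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.endswith(MARKER_EXT):
                report.encrypted.append(full)
                ext = os.path.splitext(original_name(name))[1].lower()
                report.original_types[ext or "(none)"] += 1
            elif name == NOTE_NAME:
                report.notes.append(full)
                with open(full, "rb") as fh:
                    data = fh.read()
                report.note_hashes[full] = hashlib.sha256(data).hexdigest()
                report.contacts.update(EMAIL_RE.findall(data.decode("utf-8", "replace")))
    return report


def looks_like_ololo(report: TriageReport) -> bool:
    """Both indicators together: marked files plus at least one dropped note."""
    return bool(report.encrypted) and bool(report.notes)


def build_sample_tree() -> str:
    """Create a constructed victim-like tree in a temp dir (sample data, not real)."""
    root = tempfile.mkdtemp(prefix="ololo-triage-")
    note = (  # abbreviated, constructed stand-in for the note quoted in the article
        "/!\\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\\\n"
        "All your important files have been encrypted! (RSA+AES)\n"
        "email:\nchesterblonde@outlook.com\nuncrypt-official@outlook.com\n"
        "IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.\n"
    )
    layout = {
        "Documents": ["report.docx.ololo", "budget.xlsx.ololo", NOTE_NAME],
        "Pictures": ["photo.jpg.ololo", NOTE_NAME],
        "Scratch": ["readme.txt"],  # untouched directory: no marker, no note
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            content = note if name == NOTE_NAME else "placeholder bytes\n"
            with open(os.path.join(root, folder, name), "w", encoding="utf-8") as fh:
                fh.write(content)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    rep = triage(root)
    print(f"Scanned {root}")
    print(f"  encrypted files : {len(rep.encrypted)}")
    print(f"  ransom notes    : {len(rep.notes)}")
    print(f"  contact e-mails : {sorted(rep.contacts)}")
    print(f"  original types  : {dict(rep.original_types)}")
    print(f"  verdict         : {'Ololo indicators present' if looks_like_ololo(rep) else 'no match'}")
```

Run as-is it builds the sample tree and reports on it; point triage() at a real share instead to see which directories and file types were hit. The design point is the read-only walk: the script derives the original filenames for the inventory but never renames anything on disk, and the SHA-256 of each note gives responders a stable artifact to share, since the same note text dropped in many directories hashes to the same value.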
How Ransomware Like Ololo Spreads
Like many other ransomware strains, Ololo typically reaches victims through phishing emails, malicious websites, fake software downloads, and infected email attachments. Typical carriers are Office documents with malicious macros, executable (.exe) files, and ISO images that disguise an executable. Users are tricked into downloading or opening these files and unknowingly launch the ransomware on their systems.
Other infection paths include peer-to-peer (P2P) networks, third-party downloaders, unpatched software vulnerabilities, and infected USB drives. Once running, the ransomware can quickly encrypt files on the infected machine and on any network shares the compromised account can write to, and it can spread to other systems on the local network if it is not stopped promptly.
Protection and Prevention Strategies
The most effective protection against ransomware is prevention and preparedness. Back up important files routinely to an external drive or a cloud service that is not continuously connected to your system: a backup that stays mounted is encrypted along with everything else. Keep at least one copy offline or on storage that cannot be overwritten, and test a restore periodically. That way, if ransomware strikes, your data can be restored without paying the ransom.
Avoid downloading pirated software, using unverified activation tools, or visiting suspicious websites. Always keep your operating system and all installed applications updated with the latest security patches. Employ reliable antivirus software and scan your system regularly for threats. For businesses, train employees to recognize phishing attempts and add network-level defenses: segment the network, require multi-factor authentication on remote access, and limit which accounts can write to shared storage, so that a single compromised workstation cannot encrypt everything reachable from it.
What to Do If Infected
If you fall victim to Ololo Ransomware, disconnect the device from the network immediately (unplug the cable or disable Wi-Fi) so it cannot reach shared drives or other hosts, and preserve a copy of the ransom note and, if possible, the malware sample before wiping anything, since these are needed to identify the strain. Do not pay the ransom: there is no guarantee that you will get a working decryption tool, and the attackers can still leak any data they stole. Instead, consult cybersecurity professionals who can assess your options and possibly recover some of your data.
Removing the ransomware is critical. Use trusted antivirus tools to clean the system and, if backups are available, restore your data from them only after confirming the infection is gone, or the restored files will be encrypted again. In some cases security researchers release decryption tools for specific strains, so keep a copy of the encrypted files and check periodically with resources such as the No More Ransom project and other cybersecurity organizations.
Final Thoughts
Ololo Ransomware is a dangerous new entrant in the MedusaLocker family, combining strong encryption with aggressive extortion tactics. While paying the ransom may seem like the only option, victims are encouraged to seek professional help and focus on long-term protection strategies. Awareness, cautious digital behavior, and regular backups remain the best defense against the rising tide of ransomware threats.