69 Ransomware

The 69 Ransomware threat appears to have been designed to target individual users primarily. 69 Ransomware's destructive capabilities allow it to impact a large number of file types and leave them in an unusable state. The cryptographic algorithm used in the encryption process ensures that restoration of the data without having the necessary decryption keys would be practically impossible.  

Victims of the 69 Ransomware will notice that their documents, PDFs, photos, archives, databases and more have all been encrypted. The names of the affected files will now carry the '.69' file extension. Another change caused by the 69 Ransomware will be the appearance of an unfamiliar text file on the breached device. This file will be named 'Readme_now.txt' and its role is to deliver a ransom note with instructions for the victims.

However, the message left by the 69 Ransomware is extremely brief and lacks many important details. The cybercriminals do not mention the amount of money they are trying to extort from their victims, whether the payments must be made using a specific cryptocurrency, or if victims of the threat are allowed to send a couple of locked files to be decrypted for free. Typically, cybercriminals agree to decrypt some small and non-important files, as a demonstration of their ability to restore the user's data. Instead, the 69 Ransomware instructs its victims to message the 'demon386@onion.com' email address.

The full text of the threat's ransom note is:

'Your personal files have been encrypted, send an email to demon386@onion.com to recover them. Your ID:'