A3C9N Ransomware

The A3C9N Ransomware is a new malware threat based on the Snatch Ransomware. Its only differentiating characteristics are the extension used to mark the encrypted files and the hackers' email addresses.

Once inside the user's computer, A3C9N Ransomware, just like other members of the Snatch Ransomware family, targets the most widely used file types and encrypts them with strong cryptographic algorithms that are virtually impossible to brute-force. This ensures that the hackers are the only ones possessing the decryption key required to restore the locked files. Every file encrypted by this malware threat has '.a3c9n' appended to its original filename as a new extension. The ransom note with instructions from the criminals is dropped as a text file named 'RESTORE_A3C9N_FILES.txt' in every folder containing locked data.

Victims of A3C9N Ransomware are told to send a message to the criminals with the malware's specific extension as the title of the message. Two email addresses are provided for this purpose: repairdb@seznam.cz and repairdb@mail.fr. The note doesn't mention a specific sum, but it states that users can send up to 3 files that are no bigger than 1MB for free decryption.

When dealing with the aftermath of a ransomware attack, the best possible scenario is to use a legitimate anti-malware program to clean the compromised system and restore the encrypted data from a previously created backup. If no such backup exists, it is recommended to create an image of the affected drives and wait. There have been cases when a potentially critical flaw or bug in the ransomware has led to the files' decryption. In other cases, the hackers themselves have released either the decryption keys or their malware's entire code.
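Before restoring from backup, it helps to know exactly which folders and files were hit. The following is an added triage example, not code from the original page: it walks a directory tree looking for the two indicators described above (the '.a3c9n' extension and the 'RESTORE_A3C9N_FILES.txt' note) and derives the original filenames to pull from backup. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_EXT = ".a3c9n"                 # extension named on this page
NOTE_NAME = "RESTORE_A3C9N_FILES.txt"    # ransom note name from this page


def scan_tree(root):
    """Walk root and return {directory: {"note": bool, "encrypted": [(locked, original)]}}.

    Only directories holding at least one indicator are reported.
    """
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        note = any(f.lower() == NOTE_NAME.lower() for f in files)
        locked = []
        for f in sorted(files):
            if f.lower().endswith(ENCRYPTED_EXT) and len(f) > len(ENCRYPTED_EXT):
                # Original name = locked name minus the appended extension.
                locked.append((f, f[: -len(ENCRYPTED_EXT)]))
        if note or locked:
            report[os.path.relpath(dirpath, root)] = {"note": note, "encrypted": locked}
    return report


def restore_list(report):
    """Relative paths of the original files to pull from backup."""
    return sorted(
        os.path.normpath(os.path.join(d, orig))
        for d, info in report.items()
        for _locked, orig in info["encrypted"]
    )


def build_sample_tree(root):
    """Constructed sample data: empty files laid out like an affected share."""
    layout = {
        "docs": ["report.docx.a3c9n", "notes.txt.A3C9N", NOTE_NAME],
        "clean": ["readme.md"],
        "media": ["photo.jpg.a3c9n"],   # locked file but no note in this folder
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in restore_list(scan_tree(tmp)):
            print(path)
```

The scan only reads directory listings, so it can be pointed at a read-only mount of the drive image mentioned above rather than the live system.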

The full text of the note left by A3C9N Ransomware is:

'Hello!

All your files are encrypted, write to me if you want to return your files – I can do it very quickly!

Contact me by email:

repairdb@seznam.cz or repairdb@mail.fr

The name of the letter must contain an encryption extension

Do not rename encrypted files, you may lose your files permanently.

You may be a victim of fraud. Free decryption as guarantee.

Send us up to 3 files for free decryption.

The total size of files must be less than 1 Mb! (non archived), and files should not contain valuable information. (databases,backups, large excel sheets etc.)

!!! Do not turn off or restart the NAS equipment. This will result in data loss !!!'