The AMC Ransomware appears to be another malware threat that could be used by cybercriminals in aggressive attack campaigns. If deployed successfully on a computer, the threat will run a wide-reaching encryption routine that will lock nearly all of the files found on the device. Victims will then find that they can no longer access any of their databases, archives, documents, images, etc.
As part of its intrusive activities, the AMC Ransomware will mark each locked file by appending a new extension to the file's original name. Instead of using the same extension for all files on the system like nearly all ransomware threats, AMC generates a different 4-character string for each encrypted file. Finally, it will create a text file named 'ransom_read_it.txt' on the infected system. Inside the file will be the threat's ransom note with instructions for its victims.
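The two indicators described above (the 'ransom_read_it.txt' note and a different 4-character extension appended to each file) can be turned into a simple folder triage check. This is an added example, not code from any vendor tool; the alphanumeric character set, the `KNOWN_EXTS` list, the threshold, and all function names are assumptions, and the sample tree is constructed.

```python
import os
import re

NOTE_NAME = "ransom_read_it.txt"  # note file name given in the write-up
# Assumption: the appended 4-character string is alphanumeric (charset not stated on the page).
APPENDED = re.compile(r"^.+\.([A-Za-z0-9]{2,5})\.([A-Za-z0-9]{4})$")
# Assumption: illustrative set of original extensions to look for underneath the new one.
KNOWN_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "jpg", "png", "zip", "sql", "txt"}


def triage(root):
    """Walk root; report folders holding the note or files with an appended 4-char suffix."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        hits, suffixes = [], []
        for name in files:
            m = APPENDED.match(name)
            if not m:
                continue
            ext, rand = m.group(1).lower(), m.group(2)
            # Skip ordinary double extensions such as report.pdf.docx.
            if ext in KNOWN_EXTS and rand.lower() not in KNOWN_EXTS:
                hits.append(name)
                suffixes.append(rand)
        if NOTE_NAME in files or hits:
            findings[dirpath] = {
                "note_present": NOTE_NAME in files,
                "renamed_files": sorted(hits),
                "distinct_suffixes": len(set(suffixes)),
            }
    return findings


def is_suspicious(entry, min_files=3):
    """Note present, or several renamed files where every suffix is different."""
    n = len(entry["renamed_files"])
    return entry["note_present"] or (n >= min_files and entry["distinct_suffixes"] == n)


def build_sample(root):
    """Create a constructed sample tree: one affected folder, one clean folder."""
    layout = {
        "hit": ["budget.xlsx.k3f9", "scan.pdf.zz01", "photo.jpg.Qa7b", NOTE_NAME],
        "clean": ["budget.xlsx", "backup.tar.gz", "report.pdf.docx"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()
```

Because the suffix changes per file, a fixed-extension watchlist will not match; the check instead keys on the note name and on many sibling files each carrying a unique trailing 4-character extension.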
AMC Ransomware's Demands
The ransom note states that the threat uses the AES-256 cryptographic algorithm, military-grade encryption that is publicly available. The AMC Ransomware's note also reveals that the hackers expect to receive the sum of $900 million paid in Bitcoin if they are to assist the victim in restoring the locked data. The demanded sum seems a bit overblown and unrealistic, which could signal that the current versions of the threat are still being tested. The note also provides a payment website accessible only via the Tor browser.
The full text of the ransom message is:
'Attention! All your files has been encrypted by AMC ransomware. there is no escape. You are trapped. Your files has been encrypted with AES-256 encryption.
To get your files back, pay $900000000 to the below bitcoin adress. Make sure you only pay in bitcoin and do make sure that you have pay through the Tor browser. Here is the link. First, download Tor browser, paste the link given below and click pay to get your decrypter tool.
See you there!!!!'