Arizona Ransomware
At first glance, the Arizona Ransomware appears to be another potent ransomware threat that can wreak havoc on the systems it infects. Due to the strong encryption algorithm utilized by the threat, all locked files will be virtually impossible to restore without having the proper decryption key.
As part of its actions, the Arizona Ransomware will mark each file that it has locked by adding '.AZ' to the file's original name. When all targeted file types have been processed and encrypted, the threat will proceed to deliver its ransom note. The message is delivered as a text file named 'README.txt,' which will be created on the desktop of the breached device. The Arizona Ransomware also will substitute the current desktop wallpaper with a new image.
Ransom Note's Details
Here is where the typical ransomware characteristics end, though, as opening the ransom note reveals an almost incomprehensible mess of pop-culture and Internet meme references. The note is structured as an FAQ and each question gets weirder progressively.
The hackers make a 'Joe Mama' joke, mention something called the 'cactus squad,' the singer Rick Astley, and the starting lyrics of Smash Mouth's hit song 'All Star.' Two of the supposed questions contain links to VM software products. As such it is hard to determine the real goals of the Arizona Ransomware operation.
What coherent information can be extracted, and if the hackers can be believed, points out that users will not be asked to pay a ransom for the decryption of their data. All that is needed is to send a message to the 'WhoIsJoeMamma1234@protonmail.com' email address. There also is a link leading to a supposed decryptor tool. The note ends with the warning the users have 6 days to unlock their files.
The full text of the Arizona Ransomware's note is:
'All of your files have been encrypted
Your computer was infected with The Arizona Ransomware. Your files have been encrypted and you won't be able to decrypt them without my help. Lisen to our FAQ for more information----FAQ----
Q: How do I pay? Where do i get bitcoin?
A: You cant pay with bitcoin, but you can email us here to unlock your computer,
----> WhoIsJoeMamma1234@protonmail.comQ: The cactus squad is here
A: Fake, you know that isint real silly!Q: What is the cost of the decryptor?
A: It's Free, as no Bitcoin is required.Q: What is CollabVM?
A: Read here ---> hxxps://computernewb.com/wiki/CollabVMQ: What is UserVM
A: Same as above, only that users like YOU host the VM'sQ: Furries are here
A: I dont care, i have alot of defenses set up such as using rick astley to defeat you! (Go To hxxp://gg.gg/NOU2022 For Free Decryption Program)Q: SOMEBODY ONCE TOLD ME I GOT DECRYPTOR
A: No, just no----FAQ END-----
DECRYPT NOW! You Have 6 days to do so!'
