C1024 Ransomware

Malware researchers have recently identified a new member of the Dharma Ransomware family. It is called C1024 Ransomware, and it does not seem to come with any significant improvements or added features compared to previous variants of the Dharma Ransomware family threats. The characteristic for this variant is the ".C1024" extension that is assigned to each encrypted file. C1024 also appends an individual victim's ID and the e-mail address code1024@keemail.me to the names of the corrupted files.

The C1024 Ransomware generates two ransom notes. For once, it creates a file named "info.txt" file and then displays to its victims a pop-up window, both messages containing the following two e-mail addresses: code1024@keemail.me and code1024@onionmail.org. The victims should use these e-mail addresses to contact the attackers and get more information about the payment amount and other details. As typical for ransom notes, users are warned not to rename the encrypted files or employ third-party software for their decryption because such attempts would cause permanent data loss.

Users typically get infected with ransomware after downloading files or programs, fake software updaters, and software cracking tools from untrusty sources. Other popular means of distribution are corrupted e-mail attachments or links on social media platforms. Unfortunately, once your files are encrypted, they get nearly impossible to recover, even if you opt to pay the ransom. Often cybercriminals never send the decryption tool as promised, and victims are only left with huge financial and data losses.

The C1024 ransom note contains the following text:

"YOUR FILES ARE ENCRYPTED

1024

Don't worry, you can return all your files!

If you want to restore them, write to the mail: code1024@keemail.me YOUR ID -

If you have not answered by mail within 12 hours, write to us by another mail:code1024@onionmail.org

ATTENTION!

We recommend you contact us directly to avoid overpaying agents

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam."

The text in the file reads as follows:

"All your data has been locked us

You want to return?

write e-mail code1024@keemail.me or code1024@onionmail.org"