Cat Ransomware Description
Although the Cat Ransomware is already potent enough to wreak havoc on any computer it infects, it becomes even more threatening once you take into account that its ransom note is missing some crucial information.
First, let's start with the telltale sign of a Cat Ransomware infection - every file encrypted by the threat will have '.cat' appended to its original filename as a new extension. The ransom note will then be dropped in two forms - as a pop-up window displayed to the affected user and inside text files named 'КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt' that will be placed in every folder containing encrypted data.
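A defender-side triage sketch for the two indicators described above, added here as an example (it is not code from the original page or from any vendor tool): it walks a directory tree and reports folders that hold the ransom note and/or files with '.cat' appended. The function names and the high/low confidence labels are assumptions made for this example.

```python
import os
import unicodedata

NOTE_NAME = "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt"  # ransom note filename from this page
ENC_EXT = ".cat"                          # extension appended to encrypted files

def _norm(name):
    # Compare case-insensitively and independent of Unicode composition
    # (some filesystems store 'Й' in decomposed form).
    return unicodedata.normalize("NFC", name).casefold()

def scan_tree(root):
    """Walk root and return {directory: finding} for folders showing the indicators.

    finding = {"note": bool, "files": [(encrypted_name, original_name)],
               "confidence": "high" | "low"}   # labels are this example's own
    """
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        has_note = any(_norm(f) == _norm(NOTE_NAME) for f in files)
        renamed = []
        for f in files:
            stem, ext = os.path.splitext(f)
            if ext.lower() != ENC_EXT:
                continue
            # '.cat' is appended, so an affected file normally keeps its old
            # extension (report.docx.cat). A bare name.cat is also the format
            # of Windows security catalogs, so count it only next to a note.
            if os.path.splitext(stem)[1] or has_note:
                renamed.append((f, stem))
        if has_note or renamed:
            findings[dirpath] = {
                "note": has_note,
                "files": sorted(renamed),
                "confidence": "high" if has_note and renamed else "low",
            }
    return findings

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for d, info in sorted(scan_tree(target).items()):
        print(f"[{info['confidence']}] {d}: note={info['note']} files={len(info['files'])}")
```

Run it against a mounted copy or backup of the affected volume; the second element of each tuple is the pre-infection filename, which helps match encrypted files to backup copies.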
Almost immediately, it becomes obvious that the Cat Ransomware is designed to target Russian and Russian-speaking users exclusively. Indeed, both ransom notes are written entirely in Russian and feature no translations into other languages. More importantly, however, the ransom note shows that the threat is still under construction and has been unleashed prematurely.
The main purpose of the notes dropped by ransomware threats is to provide the victims with a stable communication channel with the criminals. That way, affected users can ask for additional details or receive further instructions on how they could potentially recover their files. In the Cat Ransomware case, the hackers appear to have chosen SMS text messages as their preferred way of communication. There is a huge problem, though: instead of the required phone number and the subject of the SMS, there is nothing but placeholder characters. In practice, this means that users already affected by the Cat Ransomware are left stranded with very few options for recovering the encrypted data. The ransom note was also supposed to warn victims that they have a limited number of tries to decrypt their files, but that number is again only a placeholder at the moment. The Cat Ransomware is a powerful crypto locker threat that belongs to the Xorist Ransomware family.
The entire text of the note in its original Russian is:
'Внимание! Все Ваши файлы зашифрованы!
Чтобы восстановить свои файлы и получить к ним доступ,
отправьте смс с текстом XXXX на номер YYYY
У вас есть N попыток ввода кода. При превышении этого
количества, все данные необратимо испортятся. Будьте
внимательны при вводе кода!'