Chernobyl Ransomware

The Chernobyl Ransomware is not an entirely unique malware threat. In fact, analysis performed by cybersecurity experts has revealed that the threat is a variant based on the previously identified ransomware known as Babuk. Despite this fact, Chernobyl Ransomware's capacity to cause damage to the breached computers should not be underestimated. Victims will lose access to numerous file types found on the targeted machine. 

The telltale sign of an attack involving this threat is the '.chernobyl' extension appended to the original name of every encrypted file. In addition, the threat creates a new text file on the device that carries a ransom note with instructions from the attackers. The name of this file is 'Restore Your Files.txt'.

Demands Overview

Chernobyl Ransomware's message reveals that the main targets of the threat are corporate entities and organizations. The attackers demand a ransom of €60,000 to assist with the restoration of the locked files. The funds must be transferred in Bitcoin to the provided crypto-wallet address.

Furthermore, the note shows that the cybercriminals are running a double-extortion scheme. Apart from encrypting important documents and files, they claim to have also stolen sensitive and confidential information from the infected devices. If victims refuse to pay the demanded ransom, their data will supposedly be offered for sale to other cybercriminal organizations or released to the public. The only way to reach out to the hackers is via the 'chernobylransomware@protonmail.com' email address.

The entire set of instructions left by Chernobyl Ransomware is:

'[+] What has happened? [+]

Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension ".chernobyl".

You can restore everything, but you need to follow our instructions. Otherwise, you can never return your data.

And that shouldn't be the only worry on you mind, since we downloaded sensitive information from your network prior to it's encryption.

If our demands are not met, we'd be forced to release it publicly. Some highly valuable information will be sold to other cybercriminals who would be commiting financial fraud for the upcoming month with the personal data of your employees

[+] Guarantees [+]

To restore your network and secure the personal information of your company - you should pay the ransom. We guarantee that we will restore your network, delete all your data from our servers, it will not be leaked nor sold anywhere. That is our promise and business model

In addition we will provide you with instructions on patching vulnerabilities in the network so that you would be secure in the future. Consider it a cybersecurity expenditure, and us - consulting/auditing company, albeit illegal but very professional one

Now to the main agenda: we demand 60 thousands EUR in bitcoin, it's a very modest price compared to what you'd be asked for network restoration or hiring cybersecurity company to deal with vulnerabilities(and I promise you, they can't recover your data - usually they just receive hefty payment, pay the asked ransom from it and save the cut, they're real crooks :D)

Also this sum includes dissuasion to sell your data, which would damage your reputation. If you pay - nothing will be leaked nor sold

[+] How to pay/negotiate [+]

Our contact details are as follows: chernobylransomware@protonmail.com

Btc wallet for payment: 1PbjpEYvCK7GCB4FmaZEewMjhT7N6rWnn2

You can google how to buy bitcoins, it's fairly straightforward and easy nowadays. As soon as the payment done, we will send you the decryption keys along with instructions on how to use it. Additionally we will provide you with guidance on how to fix vulnerabilities or answer any of your questions on the topic, feel free to contact us

-----------------------------------------

We advise against using any sofware to restore your files. You will certainly not succeed but you might damage them so that further restoration will be impossible. On our part, we guarantee help

-----------------------------------------

With regards,

Valeriy Legasov, CTO of Chernobyl Group'
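
The following triage script is an added example, not part of the original write-up or of any vendor tool. It walks a directory tree for the two host indicators described above (the '.chernobyl' extension and the 'Restore Your Files.txt' note) and checks any note it finds for the contact address quoted in the message; the function names and the 'confirmed'/'suspect' labels are assumptions made for this example.

```python
import os
import sys
from collections import defaultdict

# Indicators as given in the write-up above.
ENCRYPTED_EXT = ".chernobyl"
NOTE_NAME = "restore your files.txt"
NOTE_MARKER = "chernobylransomware@protonmail.com"


def note_matches(path, limit=65536):
    """True if the file's text contains the contact address quoted in the note."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            return NOTE_MARKER in fh.read(limit).lower()
    except OSError:
        return False


def original_name(name):
    """The extension is appended, so stripping it gives the pre-encryption name."""
    return name[: -len(ENCRYPTED_EXT)] if name.lower().endswith(ENCRYPTED_EXT) else name


def scan(root):
    """Return {directory: {"encrypted": [original names], "note": None/False/True}}."""
    hits = defaultdict(lambda: {"encrypted": [], "note": None})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower().endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(original_name(name))
            elif name.lower() == NOTE_NAME:
                # None = no note here, False = note without the marker, True = match
                hits[dirpath]["note"] = note_matches(os.path.join(dirpath, name))
    return dict(hits)


def verdict(entry):
    """'confirmed' needs renamed files plus a note with the known contact address."""
    if entry["encrypted"] and entry["note"]:
        return "confirmed"
    return "suspect"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for directory, entry in sorted(scan(target).items()):
        note = "absent" if entry["note"] is None else entry["note"]
        print(f"{verdict(entry):9} {directory}: {len(entry['encrypted'])} encrypted, note={note}")
```

Run it read-only against a mounted image or share; the per-directory list of original file names gives a quick inventory for scoping restores from backup.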
