
CIA Ransomware

Threat Scorecard

Ranking: 18,458
Threat Level: 100 % (High)
Infected Computers: 13
First Seen: December 14, 2022
Last Seen: August 29, 2023
OS(es) Affected: Windows

Threat actors sometimes change the way their creations behave, and the CIA Ransomware is an example of ransomware that departs from the usual pattern. The first action of almost any ransomware threat is to invade a computer, encrypt the most important files it finds and rename the encrypted files so that victims can easily recognize the affected data. The CIA Ransomware has two working versions, and neither of them renames the encrypted files. Instead, it replaces the desktop wallpaper in order to display its ransom note. Both variants also drop a ransom note in a text file named "README.txt".

The text of the two notes is not identical, though. Both contain general instructions to the victims and demand a ransom of $100 payable in BTC (Bitcoin), XMR (Monero), LTC (Litecoin) or ETH (Ethereum).

Security experts warn that the CIA Ransomware can reach a computer through software package repositories such as npm (for JavaScript) and PyPI (the Python Package Index); it can also use more traditional infection methods, such as social engineering, phishing emails, corrupted advertisements and so on.

One of the ransom notes presented by the CIA Ransomware to its victims reads:

'Hello, I have encrypted some of your file: (
Please message me on telegram @ hxxps://iamthecia.t.me/ to get the key.
This will require you to pay a small fee of $100 USD in BTC, ETH, LTC, or XMR.
If you do not pay the fee, I will delete the key and you will not be able to decrypt your files.
You have 24 hours to pay the fee.

BTC: bc1qu4uqjekrem5n0xp5376zlyuj4jntgesj7ydsz5
ETH: 0xc404BC7A7A367755D9DAea0644A1A0d8C44D6431
LTC: LKRQiXoUnibEabxrxExGsYPQHeQiuTnWKH
XMR: 41p48TumqvKQdGYZJs1ALE95C2Zvq2MuTC7W2gx5r7T 5A25rDPSsRrHEkWKs7q28XMD9T3w7qbR3pZAZfNxZNvZy4PH5pLR

Once you have paid the fee, please send me the following information:
Your Identifier is: -
Your Operating System is: windows
Your Architecture is: 386

Thank you,
CIA'

The ransom note presented by the other version of the threat reads:

'Hello, I have encrypted some of your file: (
Please message me on telegram @ hxxps://iamthecia.t.me/ to get the key.
This will require you to pay a small fee of $100 USD in BTC, ETH, LTC, or XMR.
If you do not pay the fee, I will delete the key and you will not be able to decrypt your files.

Your Identifier is: -
Your Operating System is: windows
Your Architecture is: 386
Don't delete this file, it is required to decrypt your files.

Thank you,
CIA'
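Because this family leaves file names unchanged and announces itself only through the wallpaper and the README.txt note, a responder's quickest confirmation is the note itself. The following script is an added example written for this page, not code from the database entry or from the malware: it walks a directory tree for README.txt files, recognizes the note by the fixed strings quoted above, extracts the telegram handle, wallet addresses, identifier, OS and architecture as indicators, and tells the two variants apart by the deadline line versus the "Don't delete this file" line. The variant labels ("deadline" and "keep-note"), the field names and the sample note embedded for the demo are assumptions made here; the sample text is copied from the first note quoted above.

```python
import os
import re
import tempfile

# Markers and field labels come from the ransom note quoted on this page.
NOTE_FILENAME = "README.txt"
NOTE_MARKERS = ("I have encrypted some of your file", "iamthecia.t.me")

# Field names are our own labels; the prompts are the note's literal text.
FIELD_PATTERNS = {
    "telegram": re.compile(r"telegram @\s*(\S+)", re.I),
    "identifier": re.compile(r"Your Identifier is:\s*(\S+)", re.I),
    "os": re.compile(r"Your Operating System is:\s*(\S+)", re.I),
    "arch": re.compile(r"Your Architecture is:\s*(\S+)", re.I),
}
WALLET_PATTERN = re.compile(r"^(BTC|ETH|LTC|XMR):\s*(.+?)\s*$", re.I | re.M)

# Constructed sample: the first note variant, as quoted on the page.
SAMPLE_NOTE = """Hello, I have encrypted some of your file: (
Please message me on telegram @ hxxps://iamthecia.t.me/ to get the key.
This will require you to pay a small fee of $100 USD in BTC, ETH, LTC, or XMR.
If you do not pay the fee, I will delete the key and you will not be able to decrypt your files.
You have 24 hours to pay the fee.

BTC: bc1qu4uqjekrem5n0xp5376zlyuj4jntgesj7ydsz5
ETH: 0xc404BC7A7A367755D9DAea0644A1A0d8C44D6431
LTC: LKRQiXoUnibEabxrxExGsYPQHeQiuTnWKH
XMR: 41p48TumqvKQdGYZJs1ALE95C2Zvq2MuTC7W2gx5r7T 5A25rDPSsRrHEkWKs7q28XMD9T3w7qbR3pZAZfNxZNvZy4PH5pLR

Once you have paid the fee, please send me the following information:
Your Identifier is: -
Your Operating System is: windows
Your Architecture is: 386

Thank you,
CIA
"""


def is_cia_note(text):
    """True when every fixed marker string of the note is present."""
    return all(marker in text for marker in NOTE_MARKERS)


def classify_variant(text):
    """Assumed labels: 'deadline' for the 24-hour note, 'keep-note' for the other."""
    if "24 hours to pay" in text:
        return "deadline"
    if "Don't delete this file" in text:
        return "keep-note"
    return "unknown"


def parse_cia_note(text):
    """Extract the indicators a responder would record from one note."""
    info = {}
    for name, pattern in FIELD_PATTERNS.items():
        match = pattern.search(text)
        info[name] = match.group(1) if match else None
    # Addresses that wrapped across a line break in the note are re-joined.
    info["wallets"] = {
        cur.upper(): "".join(addr.split())
        for cur, addr in WALLET_PATTERN.findall(text)
    }
    info["variant"] = classify_variant(text)
    return info


def scan_for_notes(root):
    """Return [(path relative to root, parsed indicators)] for each CIA note found."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_FILENAME.lower():
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if is_cia_note(text):
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                hits.append((rel, parse_cia_note(text)))
    return hits


def demo_scan():
    """Build a throwaway tree with one benign README.txt and one ransom note, then scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "project"))
        os.makedirs(os.path.join(root, "Documents"))
        with open(os.path.join(root, "project", "README.txt"), "w") as fh:
            fh.write("Build instructions for an ordinary project.\n")
        with open(os.path.join(root, "Documents", "README.txt"), "w") as fh:
            fh.write(SAMPLE_NOTE)
        return scan_for_notes(root)


if __name__ == "__main__":
    for rel_path, info in demo_scan():
        print(rel_path, info["variant"], info["wallets"])
```

On a live host, point scan_for_notes at the user profile or mounted volume rather than at a temporary tree; the parsed wallet addresses and telegram handle are the values to carry into blocklists and incident records, while the identifier, OS and architecture fields confirm which variant was dropped.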
