Clown Ransomware

Infosec researchers came across a new ransomware called Clown. Further analysis showed that this threatening program is based on the Chaos Ransomware. It encrypts files present on breached systems and modifies their filenames by appending a new extension, '.clown'. For instance, a file named '1.doc' appears as '1.doc.clown' after the encryption process. The ransomware then leaves a ransom note on the desktop in the form of a file named 'read_it.txt'.
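
A defender's triage check for the indicators described above, as an added example that is not part of the original write-up: it walks a directory tree, lists files carrying the appended '.clown' extension with their original names, and confirms any 'read_it.txt' by its content before flagging it. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".clown"   # extension appended to encrypted files (from the write-up)
NOTE_NAME = "read_it.txt"     # ransom note file name (from the write-up)
NOTE_MARKER = "all of your files have been encrypted"  # first line of the quoted note

def triage(root):
    """Walk `root` and report indicator hits to help scope the affected area."""
    encrypted, notes, per_dir = [], [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            # Match only an appended suffix ('1.doc.clown'), not a bare '.clown' file.
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted.append((str(path), name[: -len(ENCRYPTED_SUFFIX)]))
                per_dir[dirpath] = per_dir.get(dirpath, 0) + 1
            elif lower == NOTE_NAME:
                # 'read_it.txt' is a common name; confirm by content before alerting.
                try:
                    head = path.read_text(errors="replace")[:4096].lower()
                except OSError:
                    head = ""
                notes.append((str(path), NOTE_MARKER in head))
    return {"encrypted": encrypted, "notes": notes, "per_dir": per_dir}

def build_sample_tree(root):
    """Constructed sample data: harmless files that mimic the naming pattern."""
    root = Path(root)
    samples = {
        "Desktop/read_it.txt": "All of your files have been encrypted\n...",
        "notes/read_it.txt": "Groceries: milk, eggs",     # benign name collision
        "docs/1.doc.clown": "x",
        "docs/2.xlsx.CLOWN": "x",
        "docs/clown.txt": "x",                             # not an appended suffix
    }
    for rel, text in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = triage(build_sample_tree(tmp))
        print(len(report["encrypted"]), "encrypted files;", report["notes"])
```

The per-directory counts in the result show where encryption reached, which helps decide what to restore from backup.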

The Clown Ransomware Demands Thousands of Dollars as Ransom

The ransom message left by the attackers informs victims that their files have been encrypted and that the only way to recover their data is to buy the decryption software from the attackers. The ransom stated in the message is 2.1473766 BTC (Bitcoin cryptocurrency), which the message incorrectly converts to $24,622.70 USD. The actual value of 2.1473766 BTC at the time of writing is approximately 50 thousand USD, a figure that fluctuates constantly with changing conversion rates.

Our experience in analyzing and researching thousands of ransomware infections leads us to infer that decryption of encrypted files is typically impossible without the involvement of cybercriminals. There may be some rare exceptions, such as attacks that use deeply flawed ransomware or programs that are still in the development stage.

Don't Follow the Demands of Cybercriminals

Victims who have fallen prey to ransomware attacks, including the Clown Ransomware, may not always receive the promised decryption keys or software, even after fulfilling the ransom demands. As a result, security experts strongly advise against paying the ransom, as it does not guarantee the recovery of the encrypted data and also perpetuates the illegal activities of cybercriminals.

To prevent the further encryption of files by the Clown Ransomware, the malware must be completely removed from the affected operating system. However, removing the ransomware will not automatically restore the already encrypted files. The only way to recover the encrypted files is to restore them from a backup (if one is available).

To ensure the safety of their data, users are strongly advised to maintain regular backups of necessary files and store them in multiple locations, such as remote servers and unplugged storage devices, to reduce the risk of losing data due to a ransomware attack or any other catastrophic event.

The full text of the ransom note left by the Clown Ransomware is:

'All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.

What can I do to get my files back?
You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.
The price for the software is $24,622.70. Payment can be made in Bitcoin only.

How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com
Bitpanda - hxxps://www.bitpanda.com

Payment information
Amount: 2.1473766 BTC
Bitcoin Address: 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV'