
Coms Ransomware

It appears that the Dharma ransomware family is still a popular choice among cybercriminals, as a new variant has been detected in the wild. Named Coms Ransomware, the threat doesn't exhibit any meaningful improvements or deviations from the typical Dharma variants' behavior. That, however, doesn't make Coms Ransomware any less threatening. Any computer infected by the threat will have its files locked with a strong encryption algorithm. Victims will then be extorted for money in exchange for the potential restoration of the encrypted data.

The Coms Ransomware follows the usual naming pattern observed in the countless Dharma variants: each locked file has an ID string assigned to the victim, an email address under the control of the hackers, and a unique file extension appended to its original name. In the case of the Coms Ransomware, the email address is 'golbnaty@aol.com', while the new extension is '.coms'. After the encryption process has finished locking the victim's files, the threat delivers its ransom note. The instructions from the hackers are displayed in a pop-up window and are also contained in text files named 'FILES ENCRYPTED.txt'.

The note states that to receive the decryption tool and key from the hackers, users will have to transfer an unspecified sum using the Bitcoin cryptocurrency. The amount demanded by the cybercriminals will supposedly be based on the time it takes affected users to initiate contact. Two email addresses are provided as communication channels: the primary one is 'golbnaty@aol.com', while the secondary address is 'supporte@onionmail.org'. A single file that is less than 1MB in size and doesn't contain any valuable information can be attached to the email message and will be decrypted for free.
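The naming pattern and note name described above can be turned into a triage check over a file listing. This is an added example, not part of the original page: the exact layout `<name>.id-<ID>.[<email>].coms` is an assumption based on the usual Dharma convention (the page names the components but not their order), and the sample paths are constructed.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the page.
EXTENSION = "coms"
NOTE_NAME = "FILES ENCRYPTED.txt"
CONTACTS = {"golbnaty@aol.com", "supporte@onionmail.org"}

# Assumed layout (component order is not stated on the page):
#   <original name>.id-<victim ID>.[<email>].coms
LOCKED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z-]+)"
    r"\.\[(?P<email>[^\[\]]+)\]\." + re.escape(EXTENSION) + "$",
    re.IGNORECASE,
)

def classify(path):
    """Return a finding dict for one path, or None if nothing matches."""
    name = PureWindowsPath(path).name
    if name.casefold() == NOTE_NAME.casefold():
        return {"kind": "ransom_note", "path": path}
    m = LOCKED.match(name)
    if m:
        email = m["email"].lower()
        return {"kind": "locked_file", "path": path,
                "original": m["original"], "victim_id": m["victim_id"],
                "email": email, "known_contact": email in CONTACTS}
    if name.casefold().endswith("." + EXTENSION):
        # Extension alone is weak evidence; report it separately for review.
        return {"kind": "extension_only", "path": path}
    return None

def triage(paths):
    """Summarise findings: hits, affected directories, victim IDs seen."""
    hits = [h for h in map(classify, paths) if h]
    locked = [h for h in hits if h["kind"] == "locked_file"]
    return {"hits": hits,
            "affected_dirs": sorted({str(PureWindowsPath(h["path"]).parent) for h in locked}),
            "victim_ids": sorted({h["victim_id"] for h in locked})}

# Constructed sample listing (not real telemetry).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\report.docx.id-1A2B3C4D.[golbnaty@aol.com].coms",
    r"C:\Users\alice\Documents\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Pictures\cat.jpg",
    r"C:\Users\alice\Pictures\scan.pdf.coms",
    r"C:\Users\alice\Pictures\notes.txt.id-1A2B3C4D.[other@example.com].coms",
]
```

The `known_contact` flag separates files carrying the addresses listed on this page from files that match the layout but embed a different address, which may point to another Dharma variant.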


The instructions displayed in Coms Ransomware's pop-up window are:

'All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail golbnaty@aol.com
Write this ID in the title of your message -
In case of no answer in 24 hours write us to theese e-mails:supporte@onionmail.org
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.

Free decryption as guarantee
Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/

Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The message found inside the text files is:

'all your data has been locked us
You want to return?
Write email golbnaty@aol.com or supporte@onionmail.org'
