
Cyberpunk Ransomware

Infosec researchers are warning computer users about a new Dharma Ransomware variant tracked as the Cyberpunk Ransomware. Despite lacking any meaningful improvements, the Cyberpunk Ransomware can still wreak havoc on the breached devices by running an encryption routine with a military-grade cryptographic algorithm. The threat targets a wide range of file types and leaves them in an inaccessible state. The operators of the malware will then attempt to extort money from their victims by promising to send back a decryption tool and the necessary decryption keys.

Following the typical Dharma pattern, the Cyberpunk Ransomware also modifies the names of the files it locks. The threat adds an ID string that was generated specifically for the victim, followed by the 'cyberpunk@onionmail.org' email address. Finally, all files will have '.CYBER' appended to their names as a new file extension. Two ransom notes with instructions for the victim will be delivered by the threat. The main ransom-demanding message will be displayed as a pop-up window, while a secondary note will be dropped on the infected system, inside a text file named 'CYBER.txt.'

Opening the text file will reveal a very brief message that simply tells victims of the threat to message either the 'cyberpunk@onionmail.org' or 'cyberpsycho@msgsafe.io' email addresses. The pop-up window is a bit longer, but it also fails to mention many important details, such as the size of the demanded ransom, whether the money has to be transferred in a specific cryptocurrency, if the hackers are willing to decrypt some files for free, etc. Instead, the pop-up ransom note contains multiple warnings. Its full text is:

'YOUR FILES ARE ENCRYPTED
cyberpunk
Don't worry, you can return all your files!
If you want to restore them, write to the mail: cyberpunk@onionmail.org YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:cyberpsycho@msgsafe.io
ATTENTION!
We recommend you contact us directly to avoid overpaying agents
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The message in the text file is:

'all your data has been locked us
You want to return?
write email cyberpunk@onionmail.org or cyberpsycho@msgsafe.io'
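
The renaming pattern and the 'CYBER.txt' note described above can be turned into a filesystem triage check. The following Python is an added example, not code from the original page; the function names and the `SAMPLEID` placeholder are hypothetical, and it assumes the contact address appears literally in each renamed file's name.

```python
import os
import tempfile

# Indicators taken from the write-up above.
CONTACT_EMAILS = ("cyberpunk@onionmail.org", "cyberpsycho@msgsafe.io")
LOCKED_EXT, NOTE_NAME = ".cyber", "cyber.txt"   # compared case-insensitively

def classify(path):
    """Return 'note', 'encrypted', or None for a single file path."""
    name = os.path.basename(path).lower()
    if name == NOTE_NAME:
        # Confirm by content so an unrelated CYBER.txt is not flagged.
        try:
            with open(path, "r", errors="replace") as fh:
                head = fh.read(4096).lower()
        except OSError:
            return None
        return "note" if any(e in head for e in CONTACT_EMAILS) else None
    # Assumption: the address appears literally in the new file name; the ID
    # format and separators are not given on the page, so none are assumed.
    if name.endswith(LOCKED_EXT) and CONTACT_EMAILS[0] in name:
        return "encrypted"
    return None

def triage(root):
    """Walk root; return {directory: {'note': n, 'encrypted': n}} for hits."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            kind = classify(os.path.join(dirpath, fname))
            if kind:
                hits.setdefault(dirpath, {"note": 0, "encrypted": 0})[kind] += 1
    return hits

def demo():
    """Build a constructed sample tree and return its triage result."""
    samples = {  # constructed names; SAMPLEID stands in for the victim ID
        "report.docx.SAMPLEID.cyberpunk@onionmail.org.CYBER": "x",
        "CYBER.txt": "write email cyberpunk@onionmail.org",
        "notes.CYBER": "x",  # extension alone is not flagged
    }
    with tempfile.TemporaryDirectory() as root:
        for fname, body in samples.items():
            with open(os.path.join(root, fname), "w") as fh:
                fh.write(body)
        return {os.path.relpath(d, root): c for d, c in triage(root).items()}

if __name__ == "__main__":
    print(demo())
```

Per-directory counts from `triage()` show how far the encryption spread, which helps scope which shares and hosts need to be restored from backup.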
