Dark Web Hacker Ransomware

By using the Chaos Ransomware threat as a basis, cybercriminals have created another threatening malware that targets computer users' data. This new variant of the Chaos Ransomware family is tracked as the Dark Web Hacker Ransomware and it can affect a wide range of file types, leaving all of them in a completely inaccessible state. It should be noted that two versions of the threat have been confirmed by infosec researchers.

Both Dark Web Hacker Ransomware versions behave in an identical way. They encrypt the victim's files and append a random 4-character string to each one as a new file extension. When all targeted file types have been locked, the threats will change the current desktop wallpaper to a new one containing instructions from the attackers. Another ransom note will be dropped on the breached devices as a text file named 'read_it.txt.'

Different Ransom Notes

Where the two versions of Dark Web Hacker Ransomware differ is in the text of the delivered ransom-demanding messages. However, even though the general message is not the same, nearly all of the important details are identical. Both versions instruct their victims that to restore their data, they will need to pay a ransom of exactly $3000 to the cybercriminals. Payments will only be accepted in Bitcoin and the money must be transferred to the provided crypto-wallet addresses. Both notes also leave the same email addresses as a way to contact the threat actors - 'anonymoux@dnmx.org.'

Ransom notes left by Dark Web Hacker Ransomware:

Version 1:

'Oops!

Dark Web hacker here ;p
The bad news is ..
All of your important files have been encrypted !
to get them back you must deposit 3000$ in Bitcoin
on the following address : 1LimHcZ5xZmRcFEJBBr96TWW7zQ1arrwZv
or you can never recover your data again.

The only solution :

is to buy our secret software which will be deliver to your inbox
for unlocking your system automatically .

Then, after payment ..
send a mail asking us to deliver our software : anonymoux@dnmx.org'

Version 2:

'Your files have been encrypted by Dark Web hackers !
All of your data is now infected with a new worldwide ransomware .
Nothing you can do in order to decrypt them ..
unless you transfer us 3000 $ in Bitcoins
on this addess below :
3GafnyLVSqUh2H96zSjv7zxDpiBBf8ujPM

Therfore,
after payment you must ask us for the decryption password on our mail
( anonymoux@dnmx.org )'

The messages delivered as desktop wallpaper images are the following:

Version 1:

'All of your data has been encrypted !
anonymoux@dnmx.org

Pay us
US$3,000.00
0.099 299 22 BTC
1LimHcZ5xZmRcFEJBBr96TWW7zQ1arrwZv

Copy Address
Only send Bitcoin (BTC) to this address
or you can never get your files back'

Version 2:

'YOU'VE BEEN HACKED
'ALL YOUR FILES HAVE BEEN ENCRYPTED
THE ONLY WAY TO DECRYPT YOUR FILES
AND RESTORE EVERYTHING TO NORMAL
IS BY CONTACTING US TO GIVE YOU THE PASSWORD
YOU MUST PAY 3000$ IN BITCOINS TO THE FOLLOWING ADDRESS

3GafnyLVSqUh2H96zSjv7zxDpiBBf8ujPM

YOU ARE FREE TO CONSULT EXPERTS, THEY WILL TELL YOU TO PAY
THAT'S THE PURPOUSE OF THIS VIRUS
DO NOT MESS WITH PC RECOVERY, REGISTRY FILES HAVE BEEN INFECTED
AFTER PAYING CONTACT US ON:
anonymoux@dnmx.org'