DaVinci Ransomware

The DaVinci Ransomware is an especially threatening piece of malware that has both screenlocker and data wiper capabilities. This means that it departs from the usual behavior displayed by ransomware threats. The majority of them simply encrypt the files but do not delete them from the compromised machine's drives.

The DaVinci Ransomware still leaves a ransom note, though, displayed in an image placed on the locked screen. In another departure from what is considered typical, the criminals behind this malware want their victims to subscribe to the DaVinci Youtube channel, follow the dvsvmvk_x Instagram account, apart from sending $300 in Bitcoin to the following wallet address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94. Once the payment is sent, the affected users have to contact the hackers by writing an email to Cobra_Locker2.0@protonmail.com. 

Since the DaVinci Ransomware is a data wiper, there is absolutely no point in contacting the criminals. The only way to g the lost data is to use a backup that was created before the malware infection. 

The text of the ransom note of DaVinci Ransomware is:

'Hello I'm DaVinci I have encrypted all your important files!

if you want to recover them follow the instructions

Instructions:

Subscribe me on youtube (DaVinci)

Follow me on instagram (dvsvmvk_x)

Send $300 in bitcoin to this address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

and contact us: Cobra_Locker2.0@protonmail.com.'