
DONKEYHOT Ransomware

The DONKEYHOT Ransomware is a damaging threat carrying powerful encryption capabilities. Cybercriminals can deploy the DONKEYHOT Ransomware on breached devices and use it to lock important and valuable data. Ransomware threats typically target documents, images, PDFs, archives, databases, etc. Victims lose the ability to access the impacted files, and restoring the data without the proper decryption keys is practically impossible.

The DONKEYHOT Ransomware also changes the names of the files it locks. The malware first generates a random string of characters that stays the same across all files of a particular victim. Next, the threat inserts into the file name an ICQ account controlled by the attackers. Finally, the encrypted files have '.DOKEYHOT' appended to their names as a new file extension. A text file named '#HOW_TO_DECRYPT#.txt' delivers a ransom note with instructions for the victims.
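The renaming scheme described above gives responders two cheap indicators to triage a share or host: files carrying the per-victim random string, the ICQ contact and the '.DOKEYHOT' extension, and copies of '#HOW_TO_DECRYPT#.txt'. The following Python script is an added example for that triage step; it is not code from the threat database page or from any vendor. The exact delimiter layout of a renamed file (dots and square brackets around the inserted tokens, as in `budget.xlsx.8F3A9C1D.[ICQ@DONKEYHOT].DOKEYHOT`) is an assumption, as is the sample listing, which is constructed rather than taken from a real incident.

```python
"""Read-only triage helper for a suspected DONKEYHOT Ransomware incident.

Added example, not code from the threat database page or from any vendor.
It classifies a file listing into encrypted files, ransom notes and untouched
files, extracts the original name and the per-victim id from each renamed
file, and counts how many distinct victim ids appear (more than one usually
means several infected hosts or a shared folder hit from several machines).
"""
import re
from collections import Counter
from pathlib import Path
from typing import Iterable, Optional

RANSOM_NOTE = "#HOW_TO_DECRYPT#.txt"   # note file name given in the write-up
ENCRYPTED_EXT = ".DOKEYHOT"            # extension as stated in the write-up
ICQ_CONTACT = "DONKEYHOT"              # '@DONKEYHOT' ICQ account from the note

# Assumed layout (not confirmed by the write-up):
#   <original name>.<victim id>.[ICQ@DONKEYHOT].DOKEYHOT
# Brackets and the 'ICQ@' prefix around the contact token are optional so that
# minor variations still match; the victim id is any alphanumeric run of 6+.
NAME_RE = re.compile(
    r"^(?P<original>.+?)"
    r"\.\[?(?P<victim_id>[A-Za-z0-9]{6,})\]?"
    r"\.\[?(?:ICQ@)?(?P<contact>" + re.escape(ICQ_CONTACT) + r")\]?"
    + re.escape(ENCRYPTED_EXT) + r"$",
    re.IGNORECASE,
)


def parse_encrypted_name(filename: str) -> Optional[dict]:
    """Return the parts of a DONKEYHOT-style file name, or None if it does not match."""
    m = NAME_RE.match(filename)
    return m.groupdict() if m else None


def basename(path: str) -> str:
    """Last path component, accepting both Windows and POSIX separators."""
    return re.split(r"[\\/]", path)[-1]


def triage(paths: Iterable[str]) -> dict:
    """Classify a listing of paths; nothing is modified, only names are inspected."""
    result = {"encrypted": [], "notes": [], "untouched": [], "victim_ids": Counter()}
    for p in paths:
        name = basename(p)
        if name == RANSOM_NOTE:
            result["notes"].append(p)
            continue
        parsed = parse_encrypted_name(name)
        if parsed:
            result["encrypted"].append({"path": p, **parsed})
            result["victim_ids"][parsed["victim_id"].upper()] += 1
        else:
            result["untouched"].append(p)
    return result


def scan_directory(root: str) -> dict:
    """Walk a real directory tree (read-only) and run the same triage over it."""
    return triage(str(p) for p in Path(root).rglob("*") if p.is_file())


# Constructed sample listing (not real incident data) for the demo below.
SAMPLE_LISTING = [
    r"C:\Finance\budget_2023.xlsx.8F3A9C1D.[ICQ@DONKEYHOT].DOKEYHOT",
    r"C:\Finance\#HOW_TO_DECRYPT#.txt",
    r"C:\HR\cv_archive.zip.8F3A9C1D.[ICQ@DONKEYHOT].DOKEYHOT",
    r"C:\Engineering\pump_housing.sldprt.8F3A9C1D.[ICQ@DONKEYHOT].DOKEYHOT",
    r"C:\Engineering\#HOW_TO_DECRYPT#.txt",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Users\alice\notes.txt",
]

if __name__ == "__main__":
    report = triage(SAMPLE_LISTING)
    print(f"encrypted files : {len(report['encrypted'])}")
    print(f"ransom notes    : {len(report['notes'])}")
    print(f"victim ids seen : {dict(report['victim_ids'])}")
    for item in report["encrypted"]:
        print(f"  {item['original']!r} <- {item['path']}")
```

Run it against a mounted copy or a file listing exported from the affected host rather than the live system, so the check never touches the encrypted files. The recovered `original` names are what a restore job needs when matching against backups, and the `victim_ids` counter tells you whether one or several machines wrote into the scanned location.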

Reading the message left by the DONKEYHOT Ransomware reveals that its operators primarily target corporate entities and run a double-extortion scheme. Apart from encrypting the data of the infected organizations, the hackers also claim to collect crucial files containing financial records, employees' personal data, manufacturing schemes, blueprints, bank records, etc. The collected data will supposedly be published if victims refuse to pay the demanded ransom. The note mentions two potential communication channels: an email address at 'donkeyhot@onionmail.org' and the '@DONKEYHOT' ICQ account.

The full text of the ransom note is:

'Hello my dear friend!

Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
If you want to restore them, write to our mail: donkeyhot@onionmail.org
Best option is to write us via ICQ live chat which works 24/7: @DONKEYHOT
Install ICQ software on your PC https://icq.com/windows/ or on your smartphone search for "ICQ" in Appstore / Google market
Write to our ICQ @DONKEYHOT hxxps://icq.im/DONKEYHOT

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

We are always ready to cooperate and find the best way to solve your problem.

The faster you write, the more favorable the conditions will be for you.

Our company values its reputation. We give all guarantees of your files decryption, such as test decryption some of them.
We respect your time and waiting for respond from your side.

Tell your MachineID: and LaunchID:

SENSITIVE DATA ON YOUR SYSTEM WAS DOWNLOADED.
IF YOU DON'T WANT YOUR SENSITIVE DATA TO BE PUBLISHED YOU HAVE TO ACT QUICKLY.

Data includes:

Employees personal data, CVs, DL, SSN.

Complete network map including credentials for local and remote services.

Private financial information including: clients data, bills, budgets, annual reports, bank statements.

Manufacturing documents including: datagrams, schemas, drawings in solidworks format

And more…'
