Drik Ransomware

The Drik Ransomware is capable of blocking users from accessing nearly all of their files. Cybersecurity researchers have classified the Drik Ransomware as a new Phobos variant. After being delivered to the victim's device, the Drik Ransomware will activate its encryption process and target a wide range of files. Each file will be locked with a strong cryptographic algorithm and rendered completely inaccessible and unusable.

As part of the process, the threat also marks every locked file by changing its original name. The Drik Ransomware assigns a unique ID number to the victim and appends it to the names of the encrypted files. It also adds an email address, 'jackrasal@privatemail.com'. Lastly, it sets '.Drik' as the new file extension. After locking all targeted files, the Drik Ransomware drops two ransom notes on the infected device. One is placed inside a newly created text file named 'info.txt'. The main note, however, is displayed in a pop-up window created from an 'info.hta' file.
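The renaming scheme and note names described above can be used to measure how far the encryption reached on a disk or share. The following triage sketch is an added example, not code from the original article; the sample file names, including the way the ID and email are joined, are constructed, since the article does not give the exact layout.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the write-up above.
EXTENSION = ".drik"
CONTACT = "jackrasal@privatemail.com"
NOTE_NAMES = {"info.txt", "info.hta"}  # common names: weak evidence on their own

def classify(name):
    """Return 'encrypted', 'ext-only', 'note' or 'clean' for one file name."""
    lower = name.lower()
    if lower in NOTE_NAMES:
        return "note"
    if lower.endswith(EXTENSION):
        # Exact name layout is not documented, so only the email's presence is checked.
        return "encrypted" if CONTACT in lower else "ext-only"
    return "clean"

def scan(root):
    """Walk root and return {category: sorted relative paths} for every hit."""
    report = {"encrypted": [], "ext-only": [], "note": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind != "clean":
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                report[kind].append(rel.replace(os.sep, "/"))
    return {kind: sorted(hits) for kind, hits in report.items()}

def build_sample_tree(root):
    """Create a constructed tree of empty files to exercise scan()."""
    names = [
        "docs/report.docx.id-CONSTRUCTED.jackrasal@privatemail.com.Drik",
        "docs/info.txt", "docs/notes.txt",
        "pics/photo.jpg.DRIK", "info.hta",
    ]
    for rel in names:
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, hits in scan(tmp).items():
            print(f"{kind}: {hits}")
```

A directory that holds both 'encrypted' hits and a note is a much stronger signal than either alone; 'ext-only' hits deserve a manual look.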

Demands' Overview

The ransom note delivered via the text file is extremely short. It tells victims to establish contact with the attackers by sending a message to the same email address or their Telegram account. The ransom note in the pop-up window contains far more details. It states that victims must send their respective ID found in the note itself, as well as in the name of each encrypted file. The exact price of the ransom will apparently depend on how fast victims reach out.

The attackers also promise to decrypt up to 5 locked files for free. However, the chosen files must not exceed a combined size of 4MB when not archived, and they must not contain any valuable or important information.

The ransom-demanding message displayed in the pop-up window is:

'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail: jackrasal@privatemail.com
Write this ID in the title of your message -
Or text in the messenger Telegram: @jackrasal
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
'

The ransom note delivered via the text file is:

'!!!All of your files are encrypted!!!
To decrypt them send e-mail to this address: jackrasal@privatemail.com.
Our online operator is available in the messenger Telegram: @jackrasal
'
