Ducky Ransomware

By CagedTech in Ransomware

Translate To:

The Ducky Ransomware is a ransomware threat that has been observed in the wild. The Ducky Ransomware can completely lock users out from accessing their own files. The threat achieves this by deploying an encryption routine with a strong cryptographic algorithm on any compromised system. All files encrypted in this manner will have '.ducky' appended to their original names as a new extension. Like all ransomware, Ducky will then proceed to extort its victims for money in exchange for the decryption key and tool that could potentially restore the locked files.

The Ducky Ransomware delivered its ransom note in two different forms. The threat will drop text files named 'RECOVER YOUR FILES.txt' in all folders containing encrypted data. At the same time, a pop-up window will be generated from a file called 'RECOVER YOUR FILES.hta.' The text files tell the victims of the Ducky Ransomware that they will have to establish communication with the hackers. For that purpose two communication channels are provided - an email address at 'ballxball@protonmail.com' and a Telegram account '@duckydecrypt.' The hackers warn that after 48-hours have passed, the price for decryption will be doubled.

The message displayed in the pop-up window is nearly identical. The only significant difference is the inclusion of a warning about anti-malware products potentially corrupting the encrypted files or deleting the Ducky Ransomware threat, which could make decryption impossible.

The ransom note delivered inside the text files states:

'All your files have been encrypted due to a security problem with your PC. Write to us in telegram, we will help you: T.me\duckydecryptWrite to the contacts, we will help you recover several files for persuasion: ballxball@protonmail.com
YOU HAVE ONLY 48 HOURS TO CONTACT US. WHEN THIS TIME ENDS THE PRICE WILL BE TWICE AS MUCH
YOUR ID: -
# ATTENTION !!!
DO NOT RENAME THE FILES.
The message from the pop-up window is:
DUCKY VIRUS
WHAT HAPPENED WITH MY COMPUTER?
All Files on your system has been encrypted with DUCKY Virus.
Nobody will be able to decrypt ANY of your files without our decryption service. Dont waste your time.
CAN I RECOVER MY FILES?
Write to us, we will help you recover files for free:
ballxball@protonmail.com
or contact with us telegram: @duckydecrypt
Your personal key:
Any antivirus sortware can corrupt files, if you want save back your files, turn off antivirus, it can delete our application.'

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Ducky Ransomware

Submit Comment

Related Posts

Ducky Stealer

Aducky

Trending

Safe Search Eng

Findtheirreport.com

MarioLocker Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen