Multi-Device Licenses (Volume Discounts)
Threat Database Ransomware Edw Ransomware

Edw Ransomware

By CagedTech in Ransomware
Translate To:
English

Cybersecurity experts have uncovered a threatening malware equipped with the ability to lock the data of its victims. The threat is tracked as the Edw Ransomware and it is classified as a variant of the Dharma Ransomware threat. Its encryption routine will leave users unable to access most of their files. Documents, PDFs, photos, images, archives, databases, audio and video files, etc. will be subjected to data encryption and left in an unusable state.

Furthermore, their original names will be modified significantly. The threat will append an ID string generated for the specific machine, an email address and finally, '.edw' as a new extension. The email address used by the Edw Ransomware is 'edward22w@aol.com.'

Ransom Note's Overview

The Edw Ransomware will deliver two ransom notes to its victims. One will be displayed in a pop-up window, while the other will be dropped inside a text file named 'FILES ENCRYPTED.txt.' The random-demanding message found in the text file is extremely brief. It simply instructs the affected users to contact the attackers by sending a message to two provided email addresses - 'edward22w@aol.com' or 'edward22w@tutanota.com.' The instructions in the pop-up window do not provide much additional information. Most of the note is taken up by various warnings, such as not renaming the encrypted files or trying to unlock them with third-party software tools.

Edw Ransomware's pop-up window shows the following message:

'YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email edward22w@aol.com YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:edward22w@tutanota.com
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

The message delivered in the text file is:

all your data has been locked us
You want to return?
write email edward22w@aol.com or edward22w@tutanota.com.'

Related Posts

Trending

Most Viewed

Loading...