FIASKO Ransomware
Cybercriminals have unleashed another ransomware threat that can lock the data of their victims. The threat is a variant of the Phobos Ransomware, which is being tracked as the FIASKO Ransomware by infosec researchers and it can impact various file types. The ransom note of the threat reveals that the attackers are using a double-extortion scheme. Apart from encrypting the files found on the breached devices, they also exfiltrated sensitive or confidential data and threaten the release it to the public.
The FIASKO Ransomware generates a specific ID string for each victim and appends it to the names of all locked files. Next, the threat adds the 'decrypt2022@msgsafe.io' email address. Finally, '.FIASKO' is placed as a new file extension. Victims also will notice that two new files have emerged on the infected device. Named 'info.hta' and 'info.txt,' these files carry identical messages with instructions from the threat actors.
According to FIASKO's ransom note, victims will need to establish communication with the hackers to receive additional details, such as the exact sum of the ransom. However, the note does state that only payments made with Bitcoin will be accepted. The attackers also direct their victims towards using a specific messenger client before trying the email address.
The full text of the ransom-demanding message left by FIASKO Ransomware is:
'Hello!
Can i Recover My Files? Sure. We guarantee that you can recover all of your files safely and easily! But You have to be fast!. How fast you will pay as fast all of your data will be back like before encryption.
To contact us:
Download the (Session) messenger (hxxtps://getsession.org) in messenger :" 05301af0473d17cbabb6a4b8e4b39f5080b2e9be6454c0d040a1a2ddcf3ffe4355 " You have to add this Id - and we will complete our converstion.In case of no answer in 24 hours write us to this e-mail:decrypt2022@msgsafe.io
You have to pay for decryption in Bitcoin ONLY!ATTENTION !!!
Do not rename encrypted files, do not try to decrypt your data using third party software, it may permanent data loss.
We have been in your network for a long time. We know everything about your company most of your information has already been downloaded to our server. We recommend you to do not waste your time if you dont wont we start 2nd part.'
