Flame Ransomware

The Flame Ransomware is a harmful threat, based on the Chaos Ransomware strain. These malware types are deployed as part of attack operations targeting the victim's data. By running strong encryption algorithms, ransomware threats will lock any documents, images, databases, archives and many other file types found on the breached devices. In the vast majority of cases, the operators of ransomware are financially motivated and will try to extort money from the impacted users or organizations.

When activated, the Flame Ransomware, just like other members of the Chaos Ransomware family will encrypt the targeted data and modify the names of the files by appending a random 4-character string to each one. In addition, the desktop background of the device will be switched to a new one carried by the threat. Another ransom-demanding message will be dropped inside a text file named 'read_it.txt.'

The instructions in the text file are written entirely in Russia, while the message shown in the Desktop background is in English. However, both messages contain little useful information. They mainly tell victims to contact the cybercriminals by messaging the 'b5cce0d45fd0@list.ru' email addresses.

The full text of the ransom note is:

'Flame, это не вирус, это просто программа, которую вы запустили на свой же страхи риск. Давайте как договаривались, ну без фокусов и претензий. Я тебя предупреждал в дисклеймере, по поводу всех этих последствий и т.д. Не хотел бы - не запустил бы, а если не знаешь английский, мамкин ты задрот, иди учись, и не ленись читать по переводчику!'

Flame Ransomware's desktop image contains the following message:

'YOUR FILES HAVE BEEN ENCRYPTED*

YOUR FILES WERE ENCRYPTED BY THE FLAME UTILITY. TO DECRYPT YOUR FILES AND REMOVE THIS NOTIFICATION, CLICK ON THE "DECRYPT MY FILES" BUTTON. TECHNICAL SUPPORT - b5cce0d45fd0@list.ru

*Please read the disclaimer!
This program is not a virus, but just a utility that allows you to encrypt user data at will in one click.'