
Flash Ransomware

Cybercriminals have created a new variant of the previously identified Dcrtr Ransomware threat. The new variant is tracked as the Flash Ransomware, and it locks the files stored on infected devices. Victims will no longer be able to access their documents, PDFs, archives, databases, images and many other file types. Each impacted file will have the '' email address followed by '.flash' appended to its original name. Another variant from the Dcrtr Ransomware family is the Ash Ransomware.

When all targeted file types have been processed and locked, the Flash Ransomware will deliver two ransom notes with instructions for its victims. The main message will be shown as a pop-up window generated from a file named 'Decryptor.hta.' The secondary note will be dropped as a text file named 'ReadMe_Decryptor.txt.'

The message in the text file states that victims must contact the attackers by sending an email to the '' address. A single file of less than 500 KB can be attached to the message to be decrypted for free. The pop-up window lists additional communication channels, including two email addresses ('' and '') and a Jabber account at ''.

The full text of the pop-up note is:

'To recover data, write here:
2) (if you are Russian, then you need to register on the site through the TOR browser hxxps:// , since the proton is prohibited in your country)
3) Jabber client - (registration can be done on the website - web client is located on the site - hxxps://

Do not modify files - this will damage them.
Test decryption - 1 file < 500 Kb.'

The text file contains the following message:

'To recover data, write here:

Do not modify files - this will damage them.
Test decryption - 1 file < 500 Kb.'
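For triage, the file-system artifacts described above (the '.flash' suffix and the two note file names) can be swept for with a short script. This is an added example, not code from the original page or from any vendor tool; the function names, the verdict labels, the sample file names and the rule that a locked file name contains '@' (because an email address is appended) are assumptions.

```python
import os
import sys
import tempfile

LOCKED_SUFFIX = ".flash"                                  # suffix named on this page
NOTE_NAMES = {"decryptor.hta", "readme_decryptor.txt"}    # note files named on this page

def sweep(root):
    """Return {directory: {"notes": [...], "locked": [...], "weak": [...]}}
    for every directory under root that holds at least one indicator."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"notes": [], "locked": [], "weak": []}
        for name in sorted(files):
            lower = name.lower()
            if lower in NOTE_NAMES:
                entry["notes"].append(name)
            elif lower.endswith(LOCKED_SUFFIX):
                stem = name[:-len(LOCKED_SUFFIX)]
                # Assumption: the appended email address leaves an '@' in the
                # name; a bare *.flash file is only a weak signal.
                entry["locked" if "@" in stem else "weak"].append(name)
        if any(entry.values()):
            report[dirpath] = entry
    return report

def verdict(entry):
    """Rank one directory's findings (labels are hypothetical)."""
    if entry["notes"] and entry["locked"]:
        return "likely-encrypted"      # ransom note next to renamed files
    if entry["notes"] or entry["locked"]:
        return "investigate"           # one strong indicator on its own
    return "probably-benign"           # only bare *.flash names

def demo():
    """Run the sweep over a constructed tree and return {dir name: verdict}."""
    with tempfile.TemporaryDirectory() as root:
        hit, ok = os.path.join(root, "docs"), os.path.join(root, "media")
        os.makedirs(hit)
        os.makedirs(ok)
        for path in (os.path.join(hit, "report.pdf.user@example.invalid.flash"),
                     os.path.join(hit, "ReadMe_Decryptor.txt"),
                     os.path.join(ok, "intro.flash")):
            open(path, "w").close()    # constructed sample files, empty
        return {os.path.basename(d): verdict(e) for d, e in sweep(root).items()}

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for directory, entry in sweep(target).items():
        print(verdict(entry), directory, len(entry["locked"]), entry["notes"])
```

Run it against a mounted image or a read-only copy of the affected volume so that file timestamps on the original evidence are not touched.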
