FLSCRYPT Ransomware

Infosec experts have identified a ransomware threat named FLSCRYPT. After analyzing the underlying code and behavior of the malware, the researchers concluded that it is a variant of the Phobos Ransomware family. However, the capacity of FLSCRYPT to cause damage is not to be underestimated. If executed successfully on the victim's device, the threat will activate an encryption routine that will leave numerous file types in an unusable state.

The threat then changes the original names of all locked files. It appends an ID string, an email address and a new file extension. The email is 'decrypt2022@onionmail.org' and the added extension is '.FLSCRYPT'. To make sure that its victims will not miss the ransom note with instructions from the attackers, the FLSCRYPT Ransomware leaves two identical messages. One is displayed as a pop-up created from a file named 'info.hta', while the other is delivered as a text file named 'info.txt'.
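The renaming pattern and note file names described above can be turned into a quick triage check over a file listing; the following is an added example, not part of the original article or the researchers' tooling. It assumes the appended suffix has the layout `<original>.id[<victim id>].[<email>].FLSCRYPT` (the article only says an ID, the email and the extension are appended), and the sample paths and victim ID are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators taken from the article.
EXTENSION = ".flscrypt"
NOTE_NAMES = {"info.hta", "info.txt"}
# Assumption (not stated in the article): the appended suffix uses the layout
# "<original>.id[<victim id>].[<email>].FLSCRYPT".
SUFFIX_RE = re.compile(
    r"^(?P<orig>.+?)\.id\[(?P<vid>[^\]]+)\]\.\[(?P<email>[^\]]+)\]\.flscrypt$",
    re.IGNORECASE,
)

def classify(path):
    """Return ('encrypted' | 'note' | None, details) for a single path."""
    name = PureWindowsPath(path).name
    if name.lower() in NOTE_NAMES:
        return "note", {}
    if not name.lower().endswith(EXTENSION):
        return None, {}
    m = SUFFIX_RE.match(name)
    if m is None:  # extension matches but the layout differs: still report it
        return "encrypted", {"original": None, "victim_id": None, "email": None}
    return "encrypted", {"original": m["orig"], "victim_id": m["vid"],
                         "email": m["email"].lower()}

def triage(paths):
    """Group hits per directory. 'info.txt' is a common benign name, so a
    directory holding only a note is rated 'low' until a locked file is found."""
    dirs = defaultdict(lambda: {"encrypted": [], "notes": [], "victim_ids": set()})
    for path in paths:
        kind, details = classify(path)
        if kind is None:
            continue
        entry = dirs[str(PureWindowsPath(path).parent)]
        if kind == "note":
            entry["notes"].append(PureWindowsPath(path).name)
        else:
            entry["encrypted"].append(details["original"] or PureWindowsPath(path).name)
            if details["victim_id"]:
                entry["victim_ids"].add(details["victim_id"])
    for entry in dirs.values():
        entry["confidence"] = "high" if entry["encrypted"] else "low"
    return dict(dirs)

# Constructed sample listing (paths and the victim ID are made up).
SAMPLE_PATHS = [
    r"C:\Finance\q3.xlsx.id[1A2B3C4D-0001].[decrypt2022@onionmail.org].FLSCRYPT",
    r"C:\Finance\info.hta",
    r"C:\Finance\notes.docx",
    r"D:\Tools\info.txt",
]
```

Feeding `triage()` a recursive listing from each host or share gives a per-directory view of which original files were locked and whether more than one victim ID is present.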

According to the ransom-demanding message, the cybercriminals have also been able to obtain various sensitive data from their victims. The collected documents are now stored on a remote server and will be released to the public if the hackers do not receive the demanded ransom. In the note, victims can find a multitude of communication channels that could allow them to reach the threat actors. Apart from the 'decrypt2022@onionmail.org' email, there is also the 'decrypt2022@msgsafe.io' address, the @Files_decrypt Telegram account, an ICQ account and a Tox chat ID. The ransom note also states that victims who establish contact sooner will supposedly receive more favorable terms.

Of course, trusting the words of cybercriminals is a risky venture. In addition, communicating with threat actors could expose the users or corporate entities impacted by a ransomware attack to additional security and privacy issues.

The full text of the note is:

'Hello my dear friend. All your files have been encrypted!

Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted. The only method of recovering files is to purchase decrypt tool and unique key for you.
If you want to recover your files, write us to this e-mail: decrypt2022@onionmail.org In case of no answer in 24 hours write us to this e-mail:decrypt2022@msgsafe.io
Our online operator is available in the messenger Telegram: @Files_decrypt or hxxps://t.me/Files_decrypt
If there is no response from our mail, you can install ICQ software on your PC here hxxps://icq.com/windows/ or on smartphone from Appstore / Google Play Market search for "ICQ"
Write to our ICQ @Ransomware_Decrypt hxxps://icq.im/Ransomware_Decrypt/ Or download the (Session) messenger (hxxps://getsession.org) in messenger: 0569a7c0949434c9c4464cf2423f66d046e3e08654e4164404b1dc23783096d313
You have to add this ID - and we will complete our converstion.
Or download the Tox Chat (hxxps://tox.chat/download.html') in messenger: C20A4B4AC30BBF70E7F2340FC0F97B08FA58B6E041557ABBF29EAF82FED0C47D79239FA26B51 You must add this ID -and write to us.

Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly.

Your Data
Sensitive data on your system was DOWNLOADED.
If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly.

Data includes:
Employees personal data, CVs, DL, SSN.
Complete network map including credentials for local and remote services.
Private financial information including: clients data, bills, budgets, annual reports, bank statements.
Manufacturing documents including: datagrams, schemas, drawings in solidworks format
And more…

Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
We are always ready to cooperate and find the best way to solve your problem.
The faster you write - the more favorable conditions will be for you.
Our company values its reputation. We give all guarantees of your files decryption.
'
