Flying Dutchman Ransomware
The Flying Dutchman Ransomware threat targets the data of its victims and then uses the locked files as a way to extort money from them. Ransomware threats typically carry military-grade cryptographic algorithms as part of their encryption routines, which makes the restoration of the data without having the correct decryption keys practically impossible. Even though the Flying Dutchman Ransomware is not a unique threat - it is a variant of the previously identified Xorist Ransomware, this fact doesn't make it any less destructive.
When fully activated on the breached devices, the Flying Dutchman Ransomware will encrypt documents, archives, databases, images, PDFs and many other file types. The threat will create a random string of characters and then append it to the original name of each affected file as a new extension. The Flying Dutchman Ransomware drops two ransom notes to the infected systems - one displayed as new desktop background and one contained inside a text file. The name of the text will be either 'РАСШИФРОВАТЬ ФАЙЛЫ.txt' or 'ДЕШИФРАТОР.txt,' depending on the specific Flying Dutchman version.
It should be pointed out that the names of the text file, as well as both ransom notes, are entirely written in Russian. This could be a sign that this particular malware threat is designed to target Russian-speaking users specifically. Both of the notes contain many pirate-related phrases and words. As for any useful information, they simply tell victims to contact the attackers within 3 days of the malware infection. Two email addresses are mentioned in the note for this purpose - 'somalia@2trom.com' and 'somaliajaz@aol.com.'
Flying Dutchman Ransomware's note is:
'ПЯТНАДЦАТЬ ЧЕЛОВЕК НА СУНДУК МЕРТВЕЦА!
Хай ! Пиплы ! Комон на борт нашего "Летучего голландца".
Ваш компьютер взят на абордаж
командой Cомалийских пиратов
Ваши файлы зашифрованы нашим
морским криптографом Базоном Хикса
Если вы, мудрый и не скряга ,
не шизанутый депутат из фракции ЛДПР,то,
мы готовы обменять вашу драгоценную инфу, на жалкие
бумажки именуемые бабками.
Поверьте, бабло зло - отдайте его нам.
Алчных и неадекватных типов за борт.
Весёлым и находчивым скидки.
У вас три дня до отплытия корабля.
Для переговоров собираемся в кают компании, sos на мыло
Номер компании -
somalia@2trom.com
somaliajaz@aol.com'
