Gnik Ransomware
Cybercriminals have created another variant of the infamous Dharma malware strain. The threat is tracked as the Gnik Ransomware, and its encryption routine can affect a wide range of file types. When executed on the target device, Gnik locks the victim's documents, photos, archives, databases, audio and video files, etc. The names of the locked files are also changed significantly.
Following the established Dharma behavior, Gnik appends an ID string, an email address, and a new file extension to the original names of the encrypted files. In this case, the email address is 'king2022@msgden.com', and the new file extension is '.gnik'. Two ransom notes are dropped on infected systems. The main ransom-demanding message is displayed in a pop-up window, while a shorter message is contained in a text file named 'info.txt'.
The Gnik Ransomware tells its victims that the locked data can be restored, but that they must contact the attackers to receive additional instructions. The ransom notes repeat the 'king2022@msgden.com' address found in the names of the encrypted files and also mention a secondary email address, 'king2022@onionmail.com'. In general, communication with cybercriminals should be avoided and no money should be transferred to them. Users who do so risk monetary losses and expose themselves to additional security risks.
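A triage sketch for the renaming scheme and the 'info.txt' note described above, added here as an example and not taken from the original article. It assumes the usual Dharma layout `<name>.id-<ID>.[<email>].gnik`, which the article does not spell out; the function names, the sample ID and the sample file names are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Assumed Dharma-style layout: <original name>.id-<ID>.[<email>].gnik
# (the page lists the three appended parts, not their exact syntax).
LOCKED_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z-]+)"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.gnik$",
    re.IGNORECASE,
)
NOTE_NAME = "info.txt"  # text ransom note named on the page

def parse_locked_name(filename):
    """Return (original, victim_id, email) for a renamed file, else None."""
    m = LOCKED_RE.match(filename)
    if not m:
        return None
    return m.group("original"), m.group("victim_id"), m.group("email").lower()

def triage(root):
    """Walk root; collect renamed files, victim IDs, emails and note locations."""
    report = {"locked": [], "ids": Counter(), "emails": set(), "note_dirs": []}
    for dirpath, _dirs, files in os.walk(root):
        if any(f.lower() == NOTE_NAME for f in files):
            report["note_dirs"].append(dirpath)
        for f in files:
            parsed = parse_locked_name(f)
            if parsed:
                original, victim_id, email = parsed
                report["locked"].append((os.path.join(dirpath, f), original))
                report["ids"][victim_id] += 1
                report["emails"].add(email)
    return report

def demo():
    """Run the triage over a constructed directory tree of empty files."""
    names = [
        "budget.xlsx.id-1E857D00.[king2022@msgden.com].gnik",  # constructed name
        "photo.jpg.id-1E857D00.[king2022@msgden.com].gnik",    # constructed name
        "notes.txt",                                            # untouched file
        "info.txt",                                             # ransom note
    ]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            open(os.path.join(root, n), "w").close()
        r = triage(root)
        return sorted(o for _p, o in r["locked"]), dict(r["ids"]), sorted(r["emails"]), len(r["note_dirs"])
```

A file named 'info.txt' is common on clean systems, so treat a note location as meaningful only when renamed files are found alongside it.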
The ransom note shown in the pop-up window is:
'YOUR FILES ARE ENCRYPTED
1024
Don't worry, you can return all your files!
If you want to restore them, write to the mail: king2022@msgden.com YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:king2022@onionmail.com
ATTENTION!
We recommend you contact us directly to avoid overpaying agents
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
The text file delivers the following message:
'all your data has been locked us
You want to return?
write email king2022@msgden.com or king2022@onionmail.com'