Industrial Spy Market Ransomware
Cybercriminals are targeting companies and corporate entities with a new ransomware threat. Tracked by cybersecurity experts as the Industrial Spy Market Ransomware, the threat is capable of leaving the data on the breached devices in a completely inaccessible state. The goal of the attackers is to extort hefty amounts of money from their victims in exchange for their assistance in the restoration of the encrypted files.
Unlike most ransomware threats, Industrial Spy Market does not modify the original names of the files it locks and instead, leaves them intact. When all targeted filetypes on the infected system have been encrypted, the malware will create a new file on the desktop named 'readme.html.' Opening the file will present the victims with a ransom note containing the demands of the attackers.
Ransom Note's Details
The Industrial Spy Market's ransom note reveals that its operators are running a double-extortion scheme. First, they take the encrypted files as hostages and claim that the data cannot be restored without receiving the necessary private key from them. In addition, the hackers state that they have scoured the internal network of their victims and have exfiltrated various sensitive and confidential information.
If the affected organizations fail to establish contact with the cybercriminals within 3 days, the collected data will supposedly be published on a dedicated leak site. The site is named 'Industrial Spy Market' and is accessible only via the Tor browser. The note provides two different communication channels to the victims. They can reach the attackers via the qTox chat app or by sending a message to the email 'inbox@supports24.net.'
The full text of Industrial Spy Market's ransom note is:
'Greetings!
Unfortunately we have to report you that your company was compromised. All your files were encrypted and you can't restore them without our private key. Trying to restore it without our help may cause complete loss of your data.
Also we researched whole your corporate network and downloaded all your sensitive data to our servers. If we will not get any contact from you in 3 next days we will publish your data on the site "Industrial Spy Market"
You can find it there(hxxp://spyarea23ttlty6qav3ecmbclpqym3p32lksanoypvrqm6j5onstsjad.onion)
Tr Browser is needed(hxxps://www.torproject.org/download/)
Also we respect your work and time and we are open fr communication. In that case we are ready to discuss recovering your files and work. We can grant absolute privacy and compliance with agreements by our side. Also we can provide all necessary evidence to confirm performance of our products and statements.
Feel free to contact us with quTox(hxxps://tox.chat/download.html)
Our ToxID:37790E2D198DFD20C9D2887D4EF7C3E2951BB84248D192689B64DCCA3C8BD808A1895676B271
Alternative method is email:inbox@supports24.net
Mark your messages - your personal ID:'