Info Ransomware

Info Ransomware Description

Cybersecurity experts have identified a new malware threat from the infamous Dharma Ransomware family. Although it is yet another variant, the Info Ransomware can cause significant damage if deployed on the targeted devices. By retaining the encryption capabilities of Dharma, the malware can effectively lock users out of their own data. Files such as documents, archives, databases, images and more will be left in a completely unusable state.

The Info Ransomware will generate a unique ID string for each victim and append it to the original names of the encrypted files. In addition, the threat will also add an email address belonging to its operators, 'infobase@onionmail.com.' Finally, the locked files will have '.info' attached as a new file extension. The Info Ransomware also delivers its ransom notes in the way typical for the family: it drops two files on the breached devices, named 'FILES ENCRYPTED.txt' and 'Info.hta.'
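The naming indicators described above can be turned into a simple triage check over a file listing. The following is an added example, not code from the original article: the function names and the sample paths are constructed, and the exact separators around the ID and email inside a file name are an assumption, so the check relies only on the email address and the '.info' extension.

```python
from collections import Counter
from pathlib import PurePosixPath

# Indicators taken from the description above.
NOTE_NAMES = {"files encrypted.txt", "info.hta"}
APPENDED_EMAIL = "infobase@onionmail.com"
EXTENSION = ".info"

def _split(path):
    """Normalise Windows separators and return (parent, lower-cased name)."""
    p = PurePosixPath(path.replace("\\", "/"))
    return str(p.parent), p.name.lower()

def classify(path):
    """Return 'ransom_note', 'encrypted', 'weak' or None for one path."""
    _, name = _split(path)
    if name in NOTE_NAMES:
        return "ransom_note"
    if name.endswith(EXTENSION):
        # Benign *.info files exist (for example GNU info pages); the
        # operators' email inside the name is what makes the hit strong.
        return "encrypted" if APPENDED_EMAIL in name else "weak"
    return None

def triage(paths):
    """Count hits per directory; keep directories with a strong indicator."""
    per_dir = {}
    for path in paths:
        kind = classify(path)
        if kind:
            parent, _ = _split(path)
            per_dir.setdefault(parent, Counter())[kind] += 1
    # A bare '.info' file on its own is not enough to escalate a directory.
    return {d: c for d, c in per_dir.items()
            if c["encrypted"] or c["ransom_note"]}

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\a\Docs\report.docx.id-EXAMPLEID.[infobase@onionmail.com].info",
    r"C:\Users\a\Docs\FILES ENCRYPTED.txt",
    r"C:\Users\a\Desktop\Info.hta",
    "/usr/share/info/coreutils.info",
    r"C:\Users\a\Docs\notes.txt",
]

if __name__ == "__main__":
    for directory, counts in triage(SAMPLE).items():
        print(directory, dict(counts))
```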

The message in the text file simply tells victims of the ransomware to contact either the same 'infobase@onionmail.com' email or another one at 'infobase@msgsafe.io.' The ransom note shown via the other file is a bit longer, but it also lacks many of the important details usually found in such ransom-demanding messages. It states that the second email should be used only if users do not receive an answer within 12 hours of contacting the first one. The rest of the note consists of various warnings.

The full text of Info Ransomware's note is:

'YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email infobase@onionmail.com YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:infobase@msgsafe.io
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The instructions shown in the text file are:

'all your data has been locked us
You want to return?
write email infobase@onionmail.com or infobase@msgsafe.io'
