JamesBond Ransomware

The JamesBond Ransomware aims to infiltrate users' computers, scan them for specific file types, and then encrypt the matching files with a strong cryptographic algorithm. All affected files will be rendered unusable, and victims will no longer be able to access their documents, pictures, archives, databases, etc. In addition, the JamesBond Ransomware will append the names of the locked files with a new extension that includes an email address under the control of the hackers - '.jamesbond2021@tutanotacom_jamesbond.' As part of its nefarious actions, the threat will change the default desktop background with a new image and drop a ransom note on the compromised device. The note will be delivered as a text file named 'read_it.txt.'

JamesBond Ransomware's Demands

The instructions found inside the ransom-demanding file are extremely brief and they lack any meaningful information. Users affected by the JamesBond ransomware are told to contact the attackers to receive additional details. Usually, these include the exact sum of the ransom and the way that the transfer of the money must be handled. Ransomware operators also often demand the funds to be sent using one of the popular cryptocurrencies such as Bitcoin and Monero. As a communication channel with the attackers, the note simply reiterates the email address that also is placed in the names of the files encrypted by the threat.

The full text of the note is:

'Hello there All your files are encrypted. There is no way to decrypt them except through my decryptor.
I will sell for you the tool to decrypt and restore your files.
contact me at : jamesbond2021@tutanota.com.'