JS Ransomware
The JS Ransomware is a serious malware threat that can cause severe damage to the targeted devices. Certain characteristics of the threat point towards it being mostly leveraged against corporate targets but the attackers could easily switch to infecting individual users as well. Thanks to the strong encryption algorithm used by the JS Ransomware, victims are left unable to access important documents, projects, databases, archives and more.
Each successfully encrypted file will be marked by having '.JS' appended to its original file name. Coincidentally, it is the same as the legitimate JavaScript file extension. When all targeted filetypes have been processed and locked, the JS Ransomware will drop a ransom note with instructions for its victims. The malware's message will be created on the desktop of the compromised device as a text file named 'RESTORE_FILE_INFO.txt.'
Ransom Note's Overview
The note reveals that the attackers are running a double extortion scheme. In addition to encrypting data, they claim to have obtained sensitive files containing contracts, finance details, databases and more. If victims refuse to pay up and do not establish contact within 3 days, their data will supposedly be leaked to clients, competitors and the public in general. The hackers state that the private information will be leaked in portions on their Twitter account. To reach the cybercriminals, victims are left with a single option - to message the qTOX account mentioned in the ransom note.
The full set of instructions left by JS Ransomware is:
'------------------
| What happened? |
------------------
Your network was ATTACKED, your computers and servers were LOCKED,
Your private data was DOWNLOADED:
- Contracts
- Customers data
- Finance
- HR
- Databases
- And more other...
----------------------
| What does it mean? |
----------------------
It means that soon mass media, your partners and clients WILL KNOW about your PROBLEM.
--------------------------
| How it can be avoided? |
--------------------------
In order to avoid this issue,
you are to COME IN TOUCH WITH US no later than within 3 DAYS and conclude the data recovery and breach fixing AGREEMENT.
-------------------------------------------
| What if I do not contact you in 3 days? |
-------------------------------------------
If you do not contact us in the next 3 DAYS we will begin DATA publication.
We will post information about hacking of your company on our twitter hxxps://twitter.com/RobinHoodLeaks or htxxps://www.gettr.com/user/robinhoodleaks
ALL CLINTS WILL LEARN ABOUT YOUR HACKING AND LEAKAGE OF DATA!!! YOUR COMPANY'S REPUTATION WILL BE HURTLY DAMAGED!
-----------------------------
| I can handle it by myself |
-----------------------------
It is your RIGHT, but in this case all your data will be published for public USAGE.
-------------------------------
| I do not fear your threats! |
-------------------------------
That is not the threat, but the algorithm of our actions.
If you have hundreds of millions of UNWANTED dollars, there is nothing to FEAR for you.
That is the EXACT AMOUNT of money you will spend for recovery and payouts because of PUBLICATION.
You are exposing yourself to huge penalties with lawsuits and government if we both don't find an agreement.
We have seen it before cases with multi million costs in fines and lawsuits,
not to mention the company reputation and losing clients trust and the medias calling non-stop for answers.
--------------------------
| You have convinced me! |
--------------------------
Then you need to CONTACT US, there is few ways to DO that.
---Secure method---
a) Download a qTOX client: hxxps://tox.chat/download.html
b) Install the qTOX client and register account
c) Add our qTOX ID: BC6934E2991F5498BDF5D852F10EB4F7E1459693A2C1EF11026EE5A259BBA3593769D766A275
or qTOX ID: 671263E7BC06103C77146A5ABB802A63F53A42B4C4766329A5F04D2660C99A3611635CC36B3A
d) Write us extension of your encrypted files .JS
Our LIVE SUPPORT is ready to ASSIST YOU on this chat.
----------------------------------------
| What will I get in case of agreement |
----------------------------------------
You WILL GET full DECRYPTION of your machines in the network, DELETION your data from our servers,
RECOMMENDATIONS for securing your network perimeter.
And the FULL CONFIDENTIALITY ABOUT INCIDENT.'
