Kamikizu Ransomware

The Kamikizu Ransomware is a threat designed to lock the data of targeted victims. Such malware tools are often used to extort money from individual users or corporate entities by locking important files via an uncrackable encryption process. The cybercriminals will claim that the only method to restore the impacted files is for the victims to pay a ransom and receive the necessary decryption keys or software tools in exchange. However, there are no guarantees that all files will be successfully restored or that the cybercriminals will not simply take the money and disappear.

The Kamikizu Ransomware, in particular, is a variant of the previously identified ZEPPELIN malware. As part of the invasive actions, the threat will take the original names of the targeted files and add to them '.kizu,' followed by a specific ID string. The ransom-demanding message of the threat's operators is dropped on the breached systems as a text file named '!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT.'
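The two filename indicators above can be used to scope an incident on a file share or a mounted disk image. The following triage script is an added example, not part of the original write-up or any vendor tool; it assumes that whatever follows '.kizu' in a filename is the ID, since the ID's separator and format are not given here, and the sample tree and its ID are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

NOTE_NAME = "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT"  # note filename from the page
# '.kizu' plus a trailing ID, as described on the page. The ID's separator and
# format are not given there, so anything after '.kizu' is captured (assumption).
RENAMED = re.compile(r"^(?P<orig>.+)\.kizu(?P<vid>.*)$", re.IGNORECASE)

def triage(root):
    """Walk root and summarise Kamikizu filename indicators per directory."""
    report = {"notes": [], "victim_ids": set(), "dirs": defaultdict(list)}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.upper() == NOTE_NAME:
                report["notes"].append(os.path.join(dirpath, name))
                continue
            m = RENAMED.match(name)
            if m:
                # Strip a leading separator so the bare ID can be compared
                # with the 'personal ID' printed in the ransom note.
                report["victim_ids"].add(m.group("vid").lstrip(".-_"))
                report["dirs"][dirpath].append((name, m.group("orig")))
    return report

def build_sample_tree(root):
    """Constructed sample data: empty files only, with a made-up ID."""
    names = {
        "docs": ["budget.xlsx.kizu.AAA-BBB-CCC", "plan.docx.kizu.AAA-BBB-CCC", NOTE_NAME],
        "pics": ["cat.jpg", "kizuna.txt"],  # untouched files, must not match
    }
    for sub, files in names.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for f in files:
            open(os.path.join(root, sub, f), "w").close()

def run_demo():
    """Build the sample tree, run triage, return (note count, originals, IDs)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        r = triage(tmp)
        hits = sorted(orig for entries in r["dirs"].values() for _n, orig in entries)
        return len(r["notes"]), hits, sorted(r["victim_ids"])

if __name__ == "__main__":
    print(run_demo())
```

The per-directory listing in `report["dirs"]` shows which locations were reached, and the recovered original names help match affected files against backups.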

Reading the ransom note reveals that the cybercriminals spreading Kamikizu Ransomware run a double-extortion scheme. Before locking the data of their victims, the hackers exfiltrate important files and store them on a server under their control. If the victim refuses to pay the demanded ransom, the threat actors threaten to release the collected information to the public by publishing it on a dedicated leak website.

The Kamikizu Ransomware victims can attempt to contact the hackers by messaging the two email addresses provided in the note. The main email appears to be 'kamikizu@onionmail.org' while 'kamikizu@keemail.me' serves as a backup option. A single encrypted file can be attached to the message and will supposedly be unlocked by the attackers for free.

The full text of the ransom note is:

'Kamikizu Ransomware.

YOUR DATA HAS BEEN STOLEN AND ENCRYPTED

You are not able to decrypt it by yourself!
The only method of recovering your data is to purchase our unique decryptor.
Only we can give you this and only we can recover your files.

IF YOU DO NOT RESPOND ON TIME, ALL STOLEN DATA WILL BE PUBLISHED ON OUR TOR SITE

To be sure we have the decryptor and it works you can send an email: kamikizu@onionmail.org and decrypt one file for free.
But this file should be of not valuable!

Do you want to restore your files and keep them private?
Write to email: kamikizu@onionmail.org
Reserved email: kamikizu@keemail.me

Your personal ID: -

IMPORTANT

  • Do not rename encrypted files.
  • Do not try to decrypt your data using third party software, it may cause permanent data loss.
  • Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
