Keversen Ransomware

Keversen Ransomware Description

Analysis of the Keversen threat has classified it as ransomware that does not belong to any of the currently established malware families. Its behavior, however, is consistent with that of typical ransomware. Keversen infects the targeted computer systems and locks the data stored there with a strong encryption process. The victims are then extorted for money in exchange for the decryption key held by the attackers. Each file encrypted by the threat has '.keversen' appended to its name as a new extension. A ransom note is delivered to the compromised systems in the form of a file named '!=READMY=!.txt'.

Ransom Note's Overview

The note states that, before encrypting the victim's files, the hackers were able to obtain various data that is now stored on a remote server. They threaten to release the sensitive information to the public or offer it for sale to interested parties if the victim decides not to pay the ransom. As communication channels, victims are left with two email addresses found inside the note: 'ithelpnetwork@decorous.cyou' and 'ithelpnetwork@wholeness.business'. When sending a message, users can attach up to three locked files that will then supposedly be decrypted for free and returned.

The entire text contained in the !=READMY=!.txt file is:

'! YOUR NETWORK HAS BEEN COMPROMISED !
All your important files have been encrypted!
Your files are safe! Only modified.
ANY ATTEMPT TO RESTORE A FILE WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT.

No software available on internet can help you. We are the only ones able to solve your problem.
We gathered data from different segment of your network. These data are currently stored on a private server and will be immediately destroyed after your payment.
If you decide to not pay, we will keep your data stored and contact press or re-seller or expose it on our partner's website.
We only seek money and do not want to damage your reputation or prevent your business from running.
If you take wise choice to pay, all of this will be solved very soon and smoothly.
You will can send us 2-3 non-important files and we will decrypt it for free to prove we are able to give your files back.
Contact us.
ithelpnetwork@decorous.cyou
ithelpnetwork@wholeness.business
In the subject write - id
.'
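For responders scoping an incident, the two file-system indicators described above (the appended '.keversen' extension and the '!=READMY=!.txt' note) can be turned into a per-directory triage pass. The following is an added example, not part of the original write-up; the function names `triage` and `build_sample` are hypothetical, and the sample tree is constructed for the demonstration.

```python
import os
import re
import tempfile

ENCRYPTED_EXT = ".keversen"    # appended extension, as reported on this page
NOTE_NAME = "!=READMY=!.txt"   # ransom note file name, as reported on this page
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def triage(root):
    """Map each affected directory to its encrypted files, note presence and note contacts."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"encrypted": [], "original_names": [], "note": False, "contacts": []}
        for name in sorted(files):
            if name.lower().endswith(ENCRYPTED_EXT):
                entry["encrypted"].append(name)
                # The extension is appended, so stripping it yields the original name.
                entry["original_names"].append(name[: -len(ENCRYPTED_EXT)])
            elif name.lower() == NOTE_NAME.lower():
                entry["note"] = True
                try:
                    with open(os.path.join(dirpath, name), errors="replace") as fh:
                        entry["contacts"] = sorted(set(EMAIL_RE.findall(fh.read(65536))))
                except OSError:
                    pass  # unreadable note: keep the hit, skip contact extraction
        if entry["encrypted"] or entry["note"]:
            report[os.path.relpath(dirpath, root)] = entry
    return report


def build_sample(root):
    """Constructed sample tree: one affected share and one clean directory."""
    share = os.path.join(root, "share")
    clean = os.path.join(root, "clean")
    os.makedirs(share)
    os.makedirs(clean)
    for name in ("budget.xlsx.keversen", "plan.docx.keversen"):
        open(os.path.join(share, name), "wb").close()
    with open(os.path.join(share, NOTE_NAME), "w") as fh:
        fh.write("Contact us.\nithelpnetwork@decorous.cyou\nithelpnetwork@wholeness.business\n")
    open(os.path.join(clean, "notes.txt"), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for directory, entry in triage(tmp).items():
            print(directory, len(entry["encrypted"]), entry["note"], entry["contacts"])
```

Contacts extracted from a note that differ from the two addresses listed on this page are worth recording separately, since they may indicate a different campaign or variant.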