Killnet Ransomware

Computers infected with the Killnet Ransomware threat will be subjected to data encryption. Victims will discover that they can no longer access most of their documents, pictures, PDFs, databases, archives and more. All impacted files will have '.killnet' appended to their original names. The threat will drop a text file named 'Ru.txt' containing a message in Russian. The desktop background of the breached devices also will be substituted and what exactly will be set as a new background will depend on the specific Killnet Ransomware version.

The ransom note simply contains the various contact information of the threat actors. It doesn't reveal any concrete demands or details about a ransom payment. Most other malware operations of this type specify that the demanded money must be transferred to their crypto-wallet account, using a chosen cryptocurrency. Typically, ransomware operators also allow for a couple of locked files to be sent to them to be decrypted for free as a demonstration. The Killnet Ransomware doesn't provide any such information to its victims.

The full text of the ransom note in its original language is:

'Вы атакованы killnet_reservs

Донаты: @donate_killnet
Наш официальный @killnet_reservs
Поддержка @killnet_support
Основатель @killmilk_rus
Обменник t.me/killnetexchange
Резервный @killnet_mirror
Наш канал hxxps://t.me/killnet_reservs
Слава России Братья!'