Cybersecurity researchers have spotted a new data-encrypting Trojan, named the MilkmanVictory Ransomware, that goes after specific targets. The MilkmanVictory Ransomware is the creation of a hacking group named CyberWare.
The shady individuals behind the MilkmanVictory Ransomware appear to be very active on Twitter and have tweeted out some details regarding this hacking campaign. It would appear that the CyberWare hacking group is targeting loan companies that partake in deceitful practices. The attackers are very explicit about their intentions and make it clear that regular Internet users need not worry about the MilkmanVictory Ransomware. The CyberWare group also mentions that they engage in DDoS (Distributed Denial-of-Service) campaigns that target fraudulent loan companies.
The MilkmanVictory Ransomware is based on the very popular HiddenTear Ransomware project. This means that users who have been affected by the MilkmanVictory Ransomware are likely to be able to obtain a decryption key by brute-forcing it. When the MilkmanVictory Ransomware infects a targeted system, it will encrypt all the data that is present on it. The affected files' names will be altered because the MilkmanVictory Ransomware appends a '.paradox' extension to them. This means that a file named 'sand-storm.mov' will be renamed to 'sand-storm.mov.paradox'. After locking the targeted data, the MilkmanVictory Ransomware will drop a ransom note on the infected computer. The name of the note that contains the message of the attackers is 'READ_ME.txt'.
Since the MilkmanVictory Ransomware is based on the HiddenTear project, its victims can recover their data without paying a ransom fee. If you have fallen victim to the MilkmanVictory Ransomware, you can use the HiddenTear decryptor to recover your files. Also, make sure to remove the MilkmanVictory Ransomware from your computer with the help of a reputable anti-virus solution.
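To scope an infection before running a decryptor, the two indicators named above (the '.paradox' extension and the 'READ_ME.txt' note) can be inventoried per directory. The script below is an added example, not part of the original article or of any vendor tool; the function names, report layout and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".paradox"   # extension appended by the ransomware (from the article)
RANSOM_NOTE = "READ_ME.txt"     # ransom note file name (from the article)


def triage(root):
    """Walk `root` and inventory files matching the article's two indicators."""
    report = {"encrypted": [], "notes": [], "original_present": [], "per_dir": Counter()}
    for dirpath, _dirnames, filenames in os.walk(root):
        names = set(filenames)
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE.lower():
                report["notes"].append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]
                report["encrypted"].append((path, original))
                report["per_dir"][dirpath] += 1
                # An untouched copy under the original name means this file
                # may not need decrypting at all.
                if original in names:
                    report["original_present"].append(os.path.join(dirpath, original))
    return report


def demo():
    """Build a constructed sample tree and run the triage over it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("sand-storm.mov.paradox", "READ_ME.txt",
                    "docs/report.docx.paradox", "docs/report.docx", "docs/notes.txt"):
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(b"constructed sample data")
        rep = triage(root)
        return {
            "encrypted": sorted(orig for _p, orig in rep["encrypted"]),
            "notes": len(rep["notes"]),
            "original_present": [os.path.basename(p) for p in rep["original_present"]],
            "dirs_affected": len(rep["per_dir"]),
        }


if __name__ == "__main__":
    print(demo())
```

Because 'READ_ME.txt' is a common file name, a note hit is only meaningful alongside '.paradox' files in the same tree.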