Myday Ransomware
The Myday Ransomware is a threatening variant from the Dharma malware family. If the Myday Ransomware manages to infiltrate the targeted computer, the threat will initiate an encryption process with an uncrackable cryptographic algorithm. As a result, users will be cut off from accessing their private or business-related files. PDFs, documents, archives, databases, pictures, photos, etc. will all be rendered unusable. Myday, as other Dharma variants, also will change the original names of the affected files drastically. The threat follows the pattern - original name, a unique ID for the victim, email address of the hackers and finally new file extension. The email address used by the threat is 'everyday@dr.com' while the file extension is '.myday.' The Myday Ransomware drops two ransom-demanding messages in the form of a pop-up window and a text file.
Myday Ransomware's Note
Opening the text file provides little useful information. The document simply tells users to contact the hackers via two email addresses - 'everyday@dr.com' and 'usarity@aol.com.' The pop-up window contains the proper ransom note. It clarifies that ransom must be paid using the Bitcoin cryptocurrency. It also mentions that victims can send a single file to test the ability of the hackers to restore the data. However, the file must be less than 1MB in size and shouldn't carry any valuable data. The note concludes with several warnings, such as not using third-party software to decrypt the files as it could lead to permanent damage.
The instructions displayed in the pop-up window are:
'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail everyday@dr.com
Write this ID in the title of your message 1E857D00
In case of no answer in 24 hours write us to theese e-mails:usarity@aol.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.Free decryption as guarantee
Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
The text file has the following message:
'all your data has been locked us
You want to return?
'Write email everyday@dr.com or usarity@aol.com.'
