A new ransomware threat is being used in attacks against corporate and individual targets. Tracked as the NUNCATARDE Ransomware, the threat appears to have few or no connections to established ransomware families. It still operates as typical ransomware, though. It aims to lock the data of its victims by using a high-grade encryption algorithm. As a result, the files on the compromised system will be left in an unusable state. Other ransomware threats include Zaqi, Admin Locker and Night Sky.
NUNCATARDE also marks every file that it has encrypted. It does so by appending '.NUNCATARDE' to the file's original name as a new extension. When all targeted file types have been locked, the threat proceeds to deliver a ransom note to its victims. Affected users will find the instructions from the attackers inside a text file named '#Decrypt#.txt'.
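An added example, not part of the original write-up, that triages a directory tree using the two file-system indicators named above: the appended '.NUNCATARDE' extension and the '#Decrypt#.txt' note. The function names, the case-insensitive matching and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".NUNCATARDE"
RANSOM_NOTE_NAME = "#Decrypt#.txt"


def triage(root):
    """Map each affected directory to its renamed files and ransom-note presence."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    suffix, note = ENCRYPTED_SUFFIX.lower(), RANSOM_NOTE_NAME.lower()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # assumption: match case-insensitively
            if lowered == note:
                report[dirpath]["note"] = True
            elif lowered.endswith(suffix) and len(name) > len(suffix):
                # The extension is appended, so stripping it yields the original name.
                report[dirpath]["encrypted"].append((name, name[: -len(suffix)]))
    return dict(report)


def summarize(report):
    """Return (dirs holding a note, count of renamed files, original extensions hit)."""
    note_dirs = sorted(d for d, r in report.items() if r["note"])
    total = sum(len(r["encrypted"]) for r in report.values())
    exts = sorted({os.path.splitext(orig)[1].lower()
                   for r in report.values() for _, orig in r["encrypted"]})
    return note_dirs, total, exts


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "finance": ["q1.xlsx.NUNCATARDE", "q2.xlsx.nuncatarde", "#Decrypt#.txt"],
        "docs": ["readme.md", "plan.docx.NUNCATARDE"],
        "clean": ["notes.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(triage(tmp)))
```

Running `triage` against a mounted backup or file share gives the list of original file names to restore and the directories where the note was dropped.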
Ransom Note's Details
The ransom-demanding message reveals that the cybercriminals are using a double-extortion scheme. First, they demand to be paid a ransom in exchange for providing the affected victim with the decryption keys necessary for the restoration of the locked data. Separately, the attackers claim that if their demands are not met, they will release sensitive data that has been collected from the infected devices. The hackers will first try to sell the information to the victim's competitors before releasing it to the public for free.
Instead of the typical email communication channel, the cybercriminals responsible for unleashing NUNCATARDE prefer to use instant messaging applications. The ransom note mentions two such applications, ICQ and Skype, alongside the hackers' accounts. The rest of the instructions are taken up by various warnings.
The full text of the ransom note left by the NUNCATARDE Ransomware is:
'Hello my dear friend
Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
If you want to restore them, install ICQ software on your PC hxxps://icq.com/windows/ or on your mobile phone search in Appstore / Google market ICQ
Write to our ICQ @nuncatarde
Skype nuncatarde decryption
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
We are always ready to cooperate and find the best way to solve your problem.
The faster you write, the more favorable the conditions will be for you.
Our company values its reputation. We give all guarantees of your files decryption
IF WE DONT SEE MESSAGES FROM YOU IN 72 HOURS - WE WILL SELL YOUR DATABASES AND IMPORTANT INFORMATION TO YOUR COMPETITORS,AFTER YOU WILL SEE IT AT OPEN SOURCE AND DARKNET
tell your unique ID.'