
PERDAK Ransomware

Cybercriminals have released a new ransomware threat based on the Phobos malware family. Named PERDAK, it encrypts the victim's files and then demands a ransom for their restoration. A large number of file types can be affected, and the locked files become inaccessible and unusable.

The PERDAK Ransomware largely follows the typical behavior of a Phobos Ransomware variant. The biggest difference is the communication channel chosen by the hackers responsible for the threat. Instead of leaving their victims with one or more email addresses, the PERDAK Ransomware cybercriminals state that they can be reached only via ICQ.

Threat Details

During its encryption process, the PERDAK Ransomware changes the names of the targeted files significantly. The threat first adds an ID number that has been assigned to the specific victim. Then it appends the hackers' account name, 'ICQ_Mudakperdak'. The final modification to the name is the addition of '.PERDAK' as a new file extension.

When all targeted files are encrypted, the threat proceeds to deliver its ransom note. It creates text files named 'info.txt' that carry a shorter version of the ransom-demanding message while the full ransom note is displayed to the victim in a pop-up window. 
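For defenders triaging a file share after an incident, the naming scheme and note file described above can be turned into a small detector. This is an added example, not code from the page or from the malware: the 'id' marker and the square brackets around the ID and account are assumptions (the page only fixes their order), and the sample listing is constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Filename layout from the page: victim ID, then the attackers' ICQ account
# 'ICQ_Mudakperdak', then the '.PERDAK' extension. The 'id' marker and the
# brackets are optional because the page does not fix them (assumption).
PERDAK_NAME = re.compile(
    r"^(?P<original>.+?)"
    r"\.(?:id)?\[?(?P<victim_id>[0-9A-F]{8}-\d{4})\]?"
    r"\.\[?ICQ_Mudakperdak\]?"
    r"\.PERDAK$",
    re.IGNORECASE,
)

NOTE_FILENAME = "info.txt"
NOTE_MARKERS = ("icq @mudakperdak", "icq.im/mudakperdak")


@dataclass
class Triage:
    encrypted: list = field(default_factory=list)   # (path, original name)
    victim_ids: set = field(default_factory=set)
    notes: list = field(default_factory=list)


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def parse_perdak_name(path: str) -> Optional[dict]:
    """Return {'original', 'victim_id'} if the name matches the PERDAK scheme, else None."""
    m = PERDAK_NAME.match(_basename(path))
    return {"original": m["original"], "victim_id": m["victim_id"].upper()} if m else None


def is_ransom_note(path: str, text: str) -> bool:
    """info.txt dropped by the threat, confirmed by the ICQ contact it carries."""
    return _basename(path).lower() == NOTE_FILENAME and any(
        marker in text.lower() for marker in NOTE_MARKERS
    )


def triage(files: dict) -> Triage:
    """files maps path -> content; content only matters for note candidates."""
    result = Triage()
    for path, content in files.items():
        parsed = parse_perdak_name(path)
        if parsed:
            result.encrypted.append((path, parsed["original"]))
            result.victim_ids.add(parsed["victim_id"])
        elif is_ransom_note(path, content):
            result.notes.append(path)
    return result


# Constructed sample listing; the ID is the one quoted in the page's ransom note.
SAMPLE = {
    r"C:\Users\acct\Documents\budget.xlsx.id[1E857D00-3145].[ICQ_Mudakperdak].PERDAK": "",
    r"C:\Users\acct\Documents\info.txt": "Write to our ICQ @Mudakperdak hxxps://icq.im/Mudakperdak",
    r"C:\Users\acct\Pictures\holiday.jpg": "",
    r"D:\share\old.PERDAK": "",   # extension alone is not enough: no victim ID or account
}
```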

Ransom Note's Overview

The PERDAK Ransomware's note doesn't mention the exact sum that the criminals want to receive. However, it does state that, before paying, victims can send up to 5 files that will supposedly be unlocked for free. The files must be less than 4MB in total size and shouldn't contain any important data. No additional communication channels are provided in either of the two notes.

The full text of the message shown in the pop-up window is:

'ATTENTION!!!!

Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted with ciphers more advanced than those used for diplomatic communications, you can spend days and months searching for a magical way to decrypt your files, but rest assured we are the only people who can help you recover your files, there is no free tool

If you want to restore them, install ICQ software on your PC hxxps://icq.com/windows/ or on your mobile phone search in Appstore / Google market "ICQ"

Write to our ICQ @Mudakperdak hxxps://icq.im/Mudakperdak

Write this ID in the title of your message 1E857D00-3145

Free decryption as guarantee

Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The text files contain the following message:

'If you are the IT manager and you are reading this, that means that you messed up, you were asleep at the wheel. Contact us and we can resolve this situation without major complication, if you are the owner of the company and you are reading this than the decision is yours, throw your hard drives in the trash or contact us and pay a nominal fee to recover your data, but know that your security practices have failed you and either way something needs to be done

If you want to restore them, install ICQ software on your PC hxxps://icq.com/windows/ or on your mobile phone search in Appstore / Google market "ICQ"

Write to our ICQ @Mudakperdak hxxps://icq.im/Mudakperdak

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.'
