Poison Ransomware

Poison Ransomware Description

The Poison Ransomware is a new threat that has been identified by infosec researchers. The threat is designed to infiltrate the targeted computers and lock the files stored there via a strong encryption algorithm. Victims will lose access to their documents, archives, databases, etc. Each locked file will be marked by having '.poison' appended to its name as a new file extension.

When the Poison Ransomware has finished encrypting all targeted file types, it will deliver a ransom note to the compromised system. The threat shows two notes with almost identical texts - one as a pop-up window and one inside a text file named '_RECOVER__FILES.poison.txt.'

Poison Ransomware's Demands

The details delivered by the pop-up window and the text file are the same, with one difference: the pop-up window displays the number of all encrypted files, while the text file lists each affected file individually.

Poison's ransom-demanding message reveals that the attackers want to receive a ransom of exactly 0.01 Bitcoin to assist their victims with restoring the encrypted data. The Bitcoin cryptocurrency is infamously volatile, and its value can change rapidly in a short period, but currently the ransom stands at nearly $568.

After transferring the money to the crypto-wallet address mentioned in the ransom note, victims are instructed to send the transaction ID to an email address controlled by the hackers. According to the note, that email is 'bankinter.promo@protonmail.com.'

The full text of the note is:

'!Ups

Your files (count: -) have been encrypted!
To get back all them…
Please send 0.01 Bitcoin(s) to the following BTC
1EHXj2AvyeCAKTzBdqbDmmceswJEciE7kj
So, E-mail your transaction ID to the following
bankinter.promo@protonmail.com
Thanks for Cooperating and Good Luck Next Time
.'
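The indicators described above (the '.poison' extension, the '_RECOVER__FILES.poison.txt' note, and the contact address and wallet quoted in it) are enough for a read-only triage pass over a suspect file system. The script below is an added example, not part of the original article; the function names, the case-insensitive matching and the sample directory are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article above.
ENC_EXT = ".poison"
NOTE_NAME = "_RECOVER__FILES.poison.txt"
NOTE_MARKERS = ("bankinter.promo@protonmail.com",
                "1EHXj2AvyeCAKTzBdqbDmmceswJEciE7kj")

def triage(root):
    """Walk root and summarise Poison indicators; nothing is modified."""
    report = {"encrypted": [], "notes": [], "confirmed_notes": [],
              "by_dir": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Assumption: match case-insensitively to tolerate renamed copies.
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(65536)
                except OSError:
                    continue
                # Confirm the note only if it carries a marker from the article.
                if any(marker in text for marker in NOTE_MARKERS):
                    report["confirmed_notes"].append(path)
            elif name.lower().endswith(ENC_EXT) and len(name) > len(ENC_EXT):
                # The extension is appended, so stripping it gives the old name.
                report["encrypted"].append((path, name[:-len(ENC_EXT)]))
                report["by_dir"][dirpath] += 1
    return report

def build_sample_tree():
    """Constructed sample data: a temp directory imitating an affected host."""
    root = tempfile.mkdtemp(prefix="poison_triage_")
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("report.docx.poison", "db.sqlite.poison", "untouched.txt"):
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(b"\x00" * 16)
    with open(os.path.join(root, NOTE_NAME), "w") as fh:
        fh.write("E-mail your transaction ID to bankinter.promo@protonmail.com\n")
    return root

if __name__ == "__main__":
    r = triage(build_sample_tree())
    print(len(r["encrypted"]), "encrypted;", len(r["confirmed_notes"]), "confirmed note(s)")
    for directory, count in r["by_dir"].most_common():
        print(f"{count:5d}  {directory}")
```

The per-directory counts show where encryption was concentrated, which helps scope which backups to restore first.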
