RAMP Ransomware

RAMP is a threatening tool has been classified as ransomware. The threat is equipped with an encryption algorithm that targets a diverse set of file types. The RAMP Ransomware's victims will lose access to the documents, photos, images, archives, databases and other files stored on the infected devices. Each impacted file will have '.terror_ramp3' attached to its original name. The locked data is typically used as a way to extort money from the victims.

The instructions that the RAMP Ransomware leaves on the breached computers are written in Russian, with a mix of words from other Slavic languages. The message will be dropped inside a text file named 'ramp3.txt.' The desktop wallpaper also will be changed to a new one.

According to the ransom note, victims will have to pay the attackers to receive a decryption key for the locked files. The message warns that users will have only one try to enter the correct key, with any further attempts possibly leading to irreversible damage. The only way to contact the cybercriminals responsible for the RAMP Ransomware is by messaging the two accounts provided in the note.

The full text of the ransom note is:

'Увага! Всі ваші файли зашифровані!
Щоб відновити свої файли та отримати до них доступ,
надішліть SMS з текстом-Користувачеві Telegram @WHITE_ROS4

У вас є 1 спроба ввести код. Якщо це
кількість буде перевищено, всі дані необоротно зіпсуються. Бувши
обережні при введенні коду!

Channels: @white_ros4bio | @vip_swatting |

привет от Killnet
Keygroup привет'