
Ransomnix Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: August 24, 2017
Last Seen: February 11, 2019
OS(es) Affected: Windows

The Ransomnix Ransomware is an encryption ransomware Trojan that claims to be associated with Anonymous. However, there is no real confirmation that this link exists. In many cases, con artists brand their ransomware Trojans with such labels to appear larger or more important than they really are. The Ransomnix Ransomware is not currently being used in widespread attacks. The Ransomnix Ransomware's main targets are Web servers and online websites. Con artists seem to use corrupted WordPress plug-ins to distribute the Ransomnix Ransomware and get this ransomware Trojan installed on the targeted server.

An Overview of the Ransomnix Ransomware Trojan

The Ransomnix Ransomware uses the AES 256 encryption algorithm to encrypt the files on the targeted server, including databases, text files, images, and server configuration files. Once the Ransomnix Ransomware has encrypted the victim's files, these files become inaccessible, taking the targeted website or server down. The Ransomnix Ransomware will also alter the meta tags and other data, making the target machine inoperable. Websites that have been compromised by the Ransomnix Ransomware attack will display the following message:

'Ransomnix We are Anonymous, We are legion, We don't forgive, We don't forget, United as one, Divided by zero, Expect us.'

Since it is possible that the compromised websites could be used to spread the Ransomnix Ransomware further, PC security analysts advise computer users to refrain from visiting compromised Web pages. In its attack, the Ransomnix Ransomware will mark the files encrypted with its encryption algorithm by adding the file extension '.Crypt' to the end of each affected file's name.

The Ransomnix Ransomware's Ransom Demand

The Ransomnix Ransomware delivers its ransom demand after encrypting the victim's files. The Ransomnix Ransomware delivers its ransom message to the root directory of the affected server in the form of a custom HTML Web page, which is displayed whenever a visitor reaches the compromised website. The message associated with the Ransomnix Ransomware infection can vary, but the one that has been linked to various versions of the Ransomnix Ransomware reads:

'Now Pay BTC OR Payment will increase by 3TC each day after
Dear manager, on [ACCOUNT NAME] your database server has been locked, your databases files are encrypted and you have unfortunately "lost" all your data, Encryption was produced using unique public key RSA-2048 generated for this server. To decrypt files you need to obtain the private key. All encrypted files ends with .Crypt
Your reference number: [4 DIGITS] To obtain the program for this server, which will decrypt all files, you need to pay 1 bitcoin on our bitcoin address [RANDOM CHARACTERS] (today 1 bitcoin was [4 DIGITS] $).
Please use english language in your letters. If you don't speak english then use hxxps:// to translate your letter on english language.
We don't know who are you, All what we need is some money.
Don't panic if we don't answer you during 24 hours. It means that we didn't received your letter and write us again.
You do not have enough time to think each day payment will increase by [4 DIGITS] BTC and after one week your privite key will be deleted and your files will be locked for ever.'

The Ransomnix Ransomware has two variants, each with a different ransom note. Because of this, new variants of the Ransomnix Ransomware are likely to continue appearing in the future. PC security analysts strongly advise computer users to refrain from paying the Ransomnix Ransomware ransom. At the current exchange rate, 1 Bitcoin is equivalent to approximately 4200 USD. The spike in Bitcoin prices in 2017 is likely one of the factors that have led to the current overabundance of ransomware attacks. As with other encryption ransomware Trojans, having good file backups on an offline device is the best way to protect your data.
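The indicators described above (the '.Crypt' extension and the ransom page placed in the Web root) can be checked with a short triage script. This is an added example, not code from the original article; the function names, the list of page extensions, the read cap, and the case-insensitive matching are assumptions, and the sample Web root is constructed for the demonstration.

```python
"""Added example: triage a web root for the Ransomnix indicators named in the article."""
import os
import tempfile

# Indicators taken from the article text; case-insensitive matching is an assumption.
ENCRYPTED_EXT = ".crypt"
NOTE_MARKERS = ("ransomnix", "we are anonymous, we are legion",
                "all encrypted files ends with .crypt")
HTML_EXTS = (".html", ".htm", ".php")   # assumed page types worth inspecting
MAX_READ = 256 * 1024                   # read cap per page, in bytes


def scan_webroot(root):
    """Return {'encrypted': [paths], 'notes': {path: [markers found]}}."""
    report = {"encrypted": [], "notes": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
            elif lower.endswith(HTML_EXTS):
                try:
                    with open(path, "rb") as fh:
                        text = fh.read(MAX_READ).decode("utf-8", "replace").lower()
                except OSError:
                    continue  # unreadable file: skip it, do not abort the sweep
                hits = [m for m in NOTE_MARKERS if m in text]
                if hits:
                    report["notes"][path] = hits
    return report


def build_sample_webroot():
    """Create a constructed (not real) web root: one clean page, two flagged files."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "wp-content", "uploads"))
    with open(os.path.join(root, "about.html"), "w") as fh:
        fh.write("<html><body>About us</body></html>")
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<title>Ransomnix</title><p>We are Anonymous, We are legion</p>")
    with open(os.path.join(root, "wp-content", "uploads", "db.sql.Crypt"), "wb") as fh:
        fh.write(b"\x00" * 16)
    return root


if __name__ == "__main__":
    result = scan_webroot(build_sample_webroot())
    print(len(result["encrypted"]), "encrypted file(s);", len(result["notes"]), "note page(s)")
```

Because the article notes that the ransom message varies between variants, a page with no marker hits is not proof of a clean server; the '.Crypt' file count is the more stable signal.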

