Scott.Armstrong Ransomware

Infosec researchers classify the Scott.Armstrong malware threat as ransomware. The goal of the Scott.Armstrong Ransomware is to infect the targeted computers, run an encryption process with an uncrackable cryptographic algorithm that locks the files stored there, and then extort its victims for money. All encrypted files will have '.LOCKED' appended to their original names as a new file extension. Upon completing the encryption of the system, the Scott.Armstrong Ransomware drops two ransom notes, delivered as two newly created files: 'HOW_TO_RECOVER_MY_FILES.txt' and 'HOW_TO_RECOVER_MY_FILES.hta'.

Ransom Note's Overview

The message inside the HOW_TO_RECOVER_MY_FILES.hta file is extremely brief. It contains the key identifier assigned to the victim and instructs the user to find and read the instructions from the other file generated by the threat. The main ransom note states that affected users will have to contact the attackers to receive further details on how to make the ransom payment. Victims are told to either download the qTOX client and contact the hackers' account there or to message the 'Scott.Armstrong@confidesk.com' email address. Before getting the ransom, the cybercriminals offer to decrypt up to 3 files for free. However, the chosen files must be less than 5MB in size and should not contain any important information.

The full text of Scott.Armstrong Ransomware's note is:

'ALL YOUR FILES HAS BEEN ENCRYPTED!

ALL YOUR FILES HAVE NOW THE .LOCKED EXTENSION!

TO DE-CRYPT YOUR FILES, CONTACT US HERE:

Download qTox >>> hxxps://tox.chat/download.html
Install qTox and make a profile, after you have done this:
Use this TOX-ID (Copy + Paste):

and make a friend request, after 5 minutes, you will be in contact with our negotiator.

If you want proof, attach 2-3 encrypted files together with the Key ID
(you can find the Key-ID in the How-To-Recover-My-Files document on your Desktop,)
less then 5Mb each, non-archived and your files should not contain valuable information, like
Databases, back-ups, large excel sheets, etc.
You will receive decrypted samples and our conditions how to get the decoder.
Please don't forget to write the name of your company in the subject of your e-mail!

Alternatively, please get in touch with the negotiator at the following email address:

Scott.Armstrong@confidesk.com

Key Identifier: -

The brief message inside the 'HOW_TO_RECOVER_MY_FILES.hta' file is:

ALL YOUR FILES HAS BEEN ENCRYPTED! FIND THE "HOW_TO_RECOVER_MY_FILES" NOTE ON THE DESKTOP FOR MORE INSTRUCTIONS!
Key Identifier:
'
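For responders scoping an affected host, the indicators described above (the '.LOCKED' extension, the two note file names and the 'Key Identifier:' line) can be collected in one pass over a directory tree. This is an added example, not code from the original write-up; the function names, the sample tree and the key ID value are constructed, and the assumption that the identifier follows 'Key Identifier:' on the same line is taken from the note layout shown here.

```python
import os
import re
import tempfile

# Indicators taken from the write-up above; matching is case-insensitive.
LOCKED_EXT = ".locked"
NOTE_NAMES = {"how_to_recover_my_files.txt", "how_to_recover_my_files.hta"}
# Assumption: the victim ID follows "Key Identifier:" on the same line.
KEY_ID_RE = re.compile(r"Key Identifier:\s*([^\s<]+)", re.IGNORECASE)

def triage(root):
    """Walk root; collect ransom note paths, locked-file counts per directory, key IDs."""
    report = {"notes": [], "locked_by_dir": {}, "key_ids": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower in NOTE_NAMES:
                report["notes"].append(path)
                try:
                    # Notes are short; cap the read at 64 KiB and never execute the .hta.
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(65536)
                except OSError:
                    continue  # unreadable note: keep the path, skip the key ID
                report["key_ids"].update(KEY_ID_RE.findall(text))
            elif lower.endswith(LOCKED_EXT):
                counts = report["locked_by_dir"]
                counts[dirpath] = counts.get(dirpath, 0) + 1
    return report

def build_sample(root):
    """Constructed sample tree for the demo; the key ID is a made-up placeholder."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("budget.xlsx.LOCKED", "plan.docx.LOCKED", "untouched.txt"):
        open(os.path.join(docs, name), "w").close()
    with open(os.path.join(root, "HOW_TO_RECOVER_MY_FILES.txt"), "w") as fh:
        fh.write("ALL YOUR FILES HAS BEEN ENCRYPTED!\nKey Identifier: EXAMPLE-KEY-0001\n")
    with open(os.path.join(root, "HOW_TO_RECOVER_MY_FILES.hta"), "w") as fh:
        fh.write("<html><body>Key Identifier: EXAMPLE-KEY-0001</body></html>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        print(len(result["notes"]), result["locked_by_dir"], result["key_ids"])
```

The per-directory counts show how far encryption reached, and the recovered key ID belongs in the incident record alongside the note paths.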
