
Somik1 Ransomware

Sometimes, malware experts create threats for purely educational purposes and make the code available publicly in the hope of informing more users on how certain strains of malware operate. However, cybercriminals often see this as an opportunity and borrow the publicly available code to wreak havoc and generate revenue off the backs of innocent users. This is what the authors of the Somik1 Ransomware have done. The creators of this data-locking Trojan have used the code of the HiddenTear Ransomware project to build the Somik1 Ransomware.

Propagation and Encryption

Many authors of ransomware take advantage of spam emails with compromised attachments, corrupted advertisements, fake application updates and downloads, and other popular distribution means to propagate their nasty creations. As soon as the Somik1 Ransomware infiltrates a system successfully, it will scan the user's data and locate the files that will be targeted for encryption. It is likely that this file-locking Trojan is able to encrypt a long list of filetypes: images, documents, videos, music, spreadsheets, presentations, archives, databases and countless other filetypes are not safe from the Somik1 Ransomware. Once the Somik1 Ransomware encrypts a file, you will notice that it also alters its name. This data-encrypting Trojan appends a '.somik1' or '.arnoldmichel2@tutanota.com' extension to the affected files' names. This means that a file initially called 'pink-paw.gif' will be renamed either to 'pink-paw.gif.somik1' or 'pink-paw.gif.arnoldmichel2@tutanota.com' when it undergoes the encryption process of the Somik1 Ransomware.

The Ransom Note

The Somik1 Ransomware also drops a ransom note on the desktop of its victim. The ransom message of the Somik1 Ransomware's authors is contained in a file called 'WARNING.txt' and in a '.HTA' file, whose name is not specified. In the ransom message, the attackers state that users who try to use third-party decryption tools will damage their files, and they urge the victim to pay a ransom fee in exchange for a decryption key that will recover their data. There is no reason to believe the claim about third-party tools.
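
An added example, not part of the original write-up: a Python triage scan that walks a directory tree for the two appended extensions and the 'WARNING.txt' note described above, and recovers each locked file's original name. The function names, the sample tree and the file name 'readme.hta' are constructed for illustration; the .HTA note's real name is not given, so every .hta file is reported only as a lead.

```python
import os
import tempfile

# Indicators taken from the description above.
LOCKED_SUFFIXES = (".somik1", ".arnoldmichel2@tutanota.com")
NOTE_NAME = "warning.txt"  # compared case-insensitively


def triage(root):
    """Walk root and return (locked, notes, hta).

    locked: (path, original_name) for files carrying an appended suffix
    notes:  paths of files named WARNING.txt
    hta:    paths of .hta files (note name unknown, so these are only leads)
    """
    locked, notes, hta = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            suffix = next((s for s in LOCKED_SUFFIXES if lower.endswith(s)), None)
            # Require a non-empty stem so a file named just ".somik1" is ignored.
            if suffix and len(name) > len(suffix):
                locked.append((path, name[:-len(suffix)]))
            elif lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(".hta"):
                hta.append(path)
    return sorted(locked), sorted(notes), sorted(hta)


def build_sample_tree(root):
    """Create a constructed sample tree of empty files for demonstration."""
    names = ["Desktop/WARNING.txt", "Desktop/readme.hta",
             "Pictures/pink-paw.gif.somik1",
             "Docs/report.docx.arnoldmichel2@tutanota.com",
             "Docs/untouched.pdf"]
    for rel in names:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        locked, notes, hta = triage(tmp)
        for path, original in locked:
            print(f"locked: {path} (was {original})")
        print(f"ransom notes: {notes}; .hta leads: {hta}")
```

The list of locked paths with their original names gives an inventory to compare against backups before any recovery attempt.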

We advise you against cooperating with cybercriminals, as usually nothing good comes of it. The good news is that many variants of the HiddenTear Ransomware project are decryptable for free. Even if the Somik1 Ransomware is decryptable for free, you may not be so lucky next time, so you should look into obtaining a reputable anti-malware solution that will keep your system and your data secure.
