Sorryitsjustbusiness Ransomware

The Sorryitsjustbusiness Ransomware appears to be geared mostly towards corporate targets, but it can just as easily compromise individual users' devices. The threat's potent encryption routine is capable of locking a large number of file types and rendering them completely unusable.

As part of its actions, Sorryitsjustbusiness marks each encrypted file by appending a four-character string to that file's original name. Unlike the vast majority of ransomware threats, which use the same string for all encrypted data, this threat generates the string randomly for each separate file. Finally, the threat delivers its ransom note to the breached system in two different ways: as a text file named 'read_it.txt' and as an image that is set as the new desktop background of the device.
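A defender-side triage sketch for the pattern described above, added here as an example and not taken from the original page or any vendor tooling: because each file gets its own random four-character string, matching on one known extension fails, so the check flags directories where many files carry distinct four-character final suffixes and raises severity when 'read_it.txt' is also present. It assumes the string is appended as a final dot-separated extension; the function name `triage`, the thresholds and the sample paths are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

NOTE_NAME = "read_it.txt"  # ransom note file name given on the page
# Assumption: the random string is appended as a final ".xxxx" extension of
# four alphanumeric characters, after the original name and extension.
SUFFIXED = re.compile(r"^.+\.[A-Za-z0-9]{2,5}\.(?P<rand>[A-Za-z0-9]{4})$")

def triage(paths, min_files=3, min_unique_ratio=0.8):
    """Return {directory: finding} for directories that match the pattern."""
    by_dir = defaultdict(lambda: {"note": False, "suffixes": []})
    for p in map(PurePosixPath, paths):
        entry = by_dir[str(p.parent)]
        if p.name.lower() == NOTE_NAME:
            entry["note"] = True
            continue
        m = SUFFIXED.match(p.name)
        if m:
            entry["suffixes"].append(m.group("rand"))
    findings = {}
    for d, e in by_dir.items():
        n = len(e["suffixes"])
        if n < min_files:
            continue
        ratio = len(set(e["suffixes"])) / n
        # Per-file random strings make nearly every suffix distinct; ordinary
        # double extensions (e.g. *.min.json) repeat and score a low ratio.
        if ratio >= min_unique_ratio:
            findings[d] = {"files": n, "unique_ratio": round(ratio, 2),
                           "severity": "high" if e["note"] else "review"}
    return findings

# Constructed sample listing (not real telemetry).
SAMPLE = [
    "/srv/share/finance/q3.xlsx.a9Kd", "/srv/share/finance/payroll.docx.Zt41",
    "/srv/share/finance/budget.pdf.mQ7x", "/srv/share/finance/invoices.csv.0bRe",
    "/srv/share/finance/read_it.txt",
    "/srv/share/hr/cv.docx.Pq2L", "/srv/share/hr/list.xlsx.7yHn",
    "/srv/share/hr/scan.pdf.kD03",
    "/srv/web/app.min.json", "/srv/web/site.min.json", "/srv/web/lib.min.json",
]

if __name__ == "__main__":
    for directory, finding in triage(SAMPLE).items():
        print(directory, finding)
```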

Ransom Note's Overview

The instructions in both places are completely identical. The attackers state that the encrypted data can only be restored by paying for the special key in their possession. The price of the ransom is set at $150,000 initially, but it will supposedly be doubled 24 hours after the attack. If users let 48 hours pass without negotiating a deal, their files will supposedly be deleted and the data will become unrecoverable. However, if contact is established in the first 2 hours, the hackers promise to offer a discount. It should be noted that the only accepted currency is Bitcoin. The note also mentions a single way to contact the hackers: the 'sorryitsjustbusiness@protonmail.com' email address.

The message contained in the text file and shown as the desktop background is:

'First of all, sorry. It's just business.

All your files have been encrypted. All your documents are unavailable.

The encryption was done using a secret key designed by our company.

In order to decrypt your files you must buy an exclusive key from us.

Do not reset or shutdown - files may be damaged.
Do not rename or move encrypted files - they may be lost forever.
Do not try to delete readme files - files may be damaged.

Please send $150k in Bitcoin to the following wallet: bc1qp94vpfjgm6z7fvcsa43cymjpyytweqjju9u7dp

If you do not own Bitcoin yet, we suggest a quick Google search.

After 24 hours the payment will double. After 48 hours files will be deleted.

If you have a proposal within 2 hours you will get a discount, minimizing this tragic event so you can get back to work.

Please contact us via email: sorryitsjustbusiness@protonmail.com'
