Stax Ransomware

Another threatening STOP/Djvu variant has been caught in the wild. The threat is named Stax Ransomware and is capable of wreaking havoc on any system it manages to infect. Following the ransomware template, Stax doesn't destroy the data stored on the compromised machines. Instead, it runs an encryption process with an uncrackable cryptographic algorithm. As a result, all targeted file types will be scrambled and rendered unusable and inaccessible. The hackers will then offer to help restore the victim's data but only after being paid a hefty ransom.

Details

Stax operates in a manner consistent with the rest of the STOP/Djvu variants, such as Rugi, Rivd and Rugj. It marks all locked files by appending a new file extension to their original names. In this case, the extension is '.stax'. When all suitable files have been encrypted, the threat creates a file named '_readme.txt' on the victim's device. This file contains the threat's ransom note with instructions for the affected users.

Ransom Note's Overview

According to the note, the attackers want to be paid a ransom of exactly $980. In exchange, they promise to provide their victims with the necessary decryption key and the accompanying software program that is supposed to restore the files. The note also includes the offer, typical of STOP/Djvu threats, to reduce the ransom by 50%.

The only requirement for the discount is that victims contact the hackers within the first 72 hours of the Stax Ransomware infection. As part of their message, users are also allowed to send a single locked file. The cybercriminals promise to decrypt and return it for free. The ransom note provides two email addresses that can be used as communication channels - 'manager@mailtemp.ch' and 'helprestoremanager@airmail.cc'.

The full message delivered by Stax Ransomware is:

'ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-dFmA3YqXzs
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
manager@mailtemp.ch

Reserve e-mail address to contact us:
helprestoremanager@airmail.cc

Your personal ID:'
