STOLEN Ransomware

The STOLEN Ransomware is classified as ransomware but so far has not been attributed to any of the already established malware families. The threat aims to infect targeted computers, execute an encryption process, and lock the data stored there. The criminals will then extort their victims for money. Each file affected by the threat will be marked by having '.STOLEN' appended to its name as a new extension. Upon completing the encryption routine, STOLEN generates a ransom note. The message will be placed on the Desktop of the infected system as a text file named 'READ_ME_SECURITY_WARNING.txt'.

Peculiar Demands

STOLEN Ransomware's note, weirdly enough, doesn't even mention the encryption of the victims' data. Instead, it states that the hackers have managed to obtain sensitive data from the compromised devices, such as databases, archives, private emails, etc. If their demands are not met, the hackers threaten to exploit the acquired data in a variety of ways - some will be sold to third parties while the rest will be released to the public. To avoid this outcome, victims are told to send 3000 BTC to the provided crypto-wallet address. That is an exorbitant amount of money. At the current Bitcoin exchange rate, 3000 BTC is worth more than 130 million USD. And as if that sum weren't ridiculous enough, the amount of the ransom will be doubled if 30 days pass without payment! Whether these demands are real or the numbers are currently being used as placeholders remains to be determined. To reach out to the hackers, victims are told to download and use the Bitmessage communication protocol.

The full set of instructions left by the STOLEN Ransomware is:

'All your DATA has been STOLEN

For several months we have been downloading your databases, sources software, private email, documents and etc
It's time to discuss the ransom amount
transfer "3000" BITCOINS to our wallet : "bc1qcw4xraclcjevcj4hcrvxtr054538cqq5hgaawq"
if we do not receive the transfer within 30 days, the AMOUNT WILL DOUBLE
if after 45 days you do nothing, then we will sell part of the information on the black market,
and publish some of it in internet, and notify all clients/partners/staff and maximum number of media and bloggers
they will be interested to know all the details about how and that your company has lost the data,
and is trying to hide information about data stolen.

After payment, write to us a use secure client Bitmessage

address: BM-NBaptUA9UYd1LNe19A13YRVduqXjDZkK
subject :
We will reply within 72 hours

download latest client hxxps://download.bitmessage.org/snapshots/'
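
The file-system indicators described above (the appended '.STOLEN' extension, the 'READ_ME_SECURITY_WARNING.txt' note and the addresses quoted in it) can be used to scope which directories on a host were affected. The following Python script is an added example, not code from the original report; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the write-up above; file names are matched case-insensitively.
ENCRYPTED_EXT = ".stolen"
NOTE_NAME = "read_me_security_warning.txt"
NOTE_MARKERS = (
    "All your DATA has been STOLEN",
    "bc1qcw4xraclcjevcj4hcrvxtr054538cqq5hgaawq",
    "BM-NBaptUA9UYd1LNe19A13YRVduqXjDZkK",
)

def triage(root):
    """Return marked file paths, ransom notes (with markers found) and per-directory counts."""
    encrypted, notes, per_dir = [], {}, {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                per_dir[dirpath] = per_dir.get(dirpath, 0) + 1
            elif lower == NOTE_NAME:
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(65536)  # notes are small; cap the read
                except OSError:
                    text = ""  # an unreadable note is still reported by name
                notes[path] = [m for m in NOTE_MARKERS if m in text]
    # Busiest directories first, so responders see where the damage concentrates.
    hot_dirs = sorted(per_dir.items(), key=lambda kv: (-kv[1], kv[0]))
    return {"encrypted": sorted(encrypted), "notes": notes, "hot_dirs": hot_dirs}

def build_sample(base):
    """Constructed sample tree: two marked files, one clean file, one note."""
    docs = os.path.join(base, "Documents")
    desk = os.path.join(base, "Desktop")
    os.makedirs(docs)
    os.makedirs(desk)
    for name in ("budget.xlsx.STOLEN", "plan.docx.STOLEN", "notes.txt"):
        open(os.path.join(docs, name), "w").close()
    with open(os.path.join(desk, "READ_ME_SECURITY_WARNING.txt"), "w") as fh:
        fh.write("All your DATA has been STOLEN\n")  # first line of the quoted note
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample(tmp)))
```

A note whose text contains none of the markers is still listed, with an empty marker list, so a renamed or edited variant of the note is not silently skipped.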
