SunnyDay Ransomware

Cybercriminals are leveraging a potent ransomware threat in an attempt to lock the data of their victims. The threat has been tracked as the SunnyDay Ransomware by the infosec community and is capable of encrypting a wide range of different file types. Victims will notice that nearly all of their documents, PDFs, databases, archives, photos, etc., now have '.SunnyDay' appended to their original names. Furthermore, when the threat has finished processing the data on the breached machine, it will create a text file named '!-Recovery_Instructions-!.txt'. The file will carry a ransom note with the demands of the attackers.

Ransom Note's Details

Reading the message reveals that the operators of the SunnyDay Ransomware are running a double-extortion scheme. The hackers claim to have collected important information from the compromised devices, which is now stored on a private server. If victims refuse to pay the demanded ransom, the hackers will not only withhold any help with restoring the encrypted files but also threaten to either release the obtained data to the public or try to sell it to interested parties.

The ransom note doesn't reveal the exact sum that the hackers want to receive from their victims. This means that affected users and entities must contact them for additional instructions. The note mentions two email addresses that can be used as communication channels: 'restoreassistance_net@wholeness.business' and 'restoreassistance_net@decorous.cyou'.

The full text of SunnyDay Ransomware's message is:

'! YOUR NETWORK HAS BEEN COMPROMISED !
All your important files have been encrypted!
ANY ATTEMPT TO RESTORE A FILE WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT.

No software available on internet can help you. We are the only ones able to solve your problem.
We gathered data from different segment of your network. These data are currently stored on a private server and will be immediately destroyed after your payment.
If you decide to not pay, we will keep your data stored and contact press or re-seller or expose it on our partner's website.
We only seek money and do not want to damage your reputation or prevent your business from running.
If you take wise choice to pay, all of this will be solved very soon and smoothly.
You will can send us 2-3 non-important files and we will decrypt it for free to prove we are able to give your files back.
Contact us.
restoreassistance_net@wholeness.business
restoreassistance_net@decorous.cyou

In the subject write -'
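The indicators described above (the '.SunnyDay' suffix, the note's file name and the two contact addresses) are enough for a read-only triage of a file share to scope the damage. The script below is an added example, not part of the original write-up; the function names, the case-insensitive suffix match and the sample tree it builds are assumptions made for illustration.

```python
import os
import tempfile

# Indicators taken from the write-up above.
ENCRYPTED_SUFFIX = ".sunnyday"  # compared case-insensitively (assumption)
NOTE_NAME = "!-Recovery_Instructions-!.txt"
CONTACTS = ("restoreassistance_net@wholeness.business",
            "restoreassistance_net@decorous.cyou")


def triage(root):
    """Walk `root` and summarise SunnyDay artifacts without modifying anything."""
    report = {"encrypted": [], "notes": [], "notes_with_contact": [], "intact": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == NOTE_NAME:
                report["notes"].append(path)
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(65536).lower()
                except OSError:
                    continue  # unreadable note: still counted in "notes"
                if any(addr in text for addr in CONTACTS):
                    report["notes_with_contact"].append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                report["encrypted"].append(path)
            else:
                report["intact"] += 1
    return report


def build_sample_tree(root):
    """Constructed sample data: two renamed files, one untouched file, one note."""
    os.makedirs(os.path.join(root, "share", "finance"))
    for rel in ("share/report.pdf.SunnyDay", "share/finance/db.sqlite.SunnyDay",
                "share/readme.txt"):
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(b"\x00" * 16)
    with open(os.path.join(root, "share", NOTE_NAME), "w") as fh:
        fh.write("Contact us.\n" + CONTACTS[0] + "\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "renamed,", result["intact"], "intact")
```

The ratio of renamed to intact files per directory shows how far encryption progressed, which helps decide which backups need restoring.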
