T800 Ransomware
Cybercriminals are using a potent malware threat known as the T800 Ransomware to lock the files of their victims. Ransomware operations have become a lucrative way for hackers to extort money from their victims. By infiltrating the targeted computers and deploying T800, the attackers can encrypt the vast majority of the data stored on the breached device. Victims will discover that they are no longer able to access any of their documents, PDFs, photos, archives, databases and more.
As part of its invasive actions, the T800 Ransomware also will mark each locked file by modifying its original name. It does so by appending '.t800' to the filenames as a new extension. Victims will be left with a set of instructions delivered as a text file named '!!!HOW_TO_DECRYPT!!!.txt'
Ransom Note's Details
According to the ransom note, the victim's files are encrypted with a combination of two strong cryptographic algorithms - TermCryptS3v2 and RSA-2048. It also states that restoration of the data is impossible without having the decryption key that the attackers possess.
Affected users are instructed to pay a ransom of $250. However, the funds will only be accepted if they are sent using the Bitcoin cryptocurrency. The cybercriminals expect the money to be transferred to the crypto-wallet address mentioned in the ransom-demanding message. The note also mentions two ways to potentially contact the attackers - a '@t1000rn' Telegram account and 't1000rn@404.city' in Jabber.
The full text of the instructions dropped by T800 Ransomware is:
'########################################################
############### You became victim of the .T800 Ransomware-Virus ###############
########################################################
## Special ID: b923a9855a
########################################################
## The harddisks of your computer have been encrypted with an military grade
## encryption algorithm TermCryptS3v2+RSA2048.
## There is no way to restore your data without a special key.
########################################################
########################################################
## To decrypt the files, you need to pay 250 USD in bitcoins to the BTC wallet below,
## then after 1 confirmation of the bitcoin network, you can get the decryptor
## by writing to the following contact contacts!
## -
## BTC Wallet - 38wDGRKde7UijxBrup9BNnEUopKexyRpZz
## -
## Exchangers for exchanging for cryptocurrency: >>> hxxps://www.bestchange.net <<<
## -
## If you want to decrypt your files, you have to get RSA private key.
## After the successful payment and decrypting your files, we will give
## you FULL instructions HOW to IMPROVE your security system.
## -
## hxxp://kwk62hefhey3zh4ki332d7uluww5oilm4c6t5tnhb4g5hrf7a2szvlqd.onion/chat
## TELEGRAM us: >> @t1000rn <<
## Jabber: >> t1000rn@404.city FULL ONLINE <<
## -
>>> Do not pay data recovery companies to get the key, they will email me! <<<
################## We ready to answer all your questions! #####################
------------------------------------------------
################# HOW to understand that we are NOT scammers? #################
######### You can ask SUPPORT for the TEST-decryption for ONE file! ###########
########################### LIST OF ENCRYPTED FILES ###########################'
