The TeamDarkAnon malware threat falls into the ransomware category. These threats are designed specifically to attack the data of their victims and leave it in an unusable state. To achieve this goal, the ransomware threat is equipped with a sufficiently strong encryption routine. Typically, victims will discover that they can no longer access or use any of the documents, photos, images, PDFs, archives, databases and other file types stored on the breached devices.
As part of its actions, the TeamDarkAnon Ransomware will also mark the affected files by appending '.anon' to their names. Two messages with instructions will be left on the infected system. The main ransom note will be dropped as a text file named 'read_it.txt', while an additional message will be displayed as a new desktop background.
According to the ransom notes of the threat, the only way to reach the cybercriminals is via their Telegram account at '@TeamDarkAnon'. Apparently, the attackers will accept ransom payments only in Bitcoin. It should be noted that the message shown in the background image contains phrases that appear to be in Hindi, the official language of India.
The full text of TeamDarkAnon's ransom note is:
'Don't worry, you can return all your files!
All your files like documents, photos, databases and other important are encrypted
What guarantees do we give to you?
You must follow these steps To decrypt your files :
1) Open Telegram and Come @TeamDarkAnon
2) Obtain Bitcoin (You have to pay for decryption in Bitcoins.
After payment we will send you the tool that will decrypt all your files.)'
The text displayed as a desktop background is:
'Kya Hua Bhai Offend Kyo Ho Raha Hai Ransomware Attack Hi To Kiya Hai
Aja Yaha @TeamDarkAnon'
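
The indicators described above (the '.anon' suffix, the 'read_it.txt' note and the '@TeamDarkAnon' handle inside it) can be combined into a quick triage sweep that shows which folders were affected. The script below is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".anon"        # suffix the article says is appended to files
NOTE_NAME = "read_it.txt"         # ransom note file name given in the article
NOTE_MARKER = "@TeamDarkAnon"     # contact handle quoted in the note text


def note_matches(path):
    """True if a read_it.txt contains the handle (the file name alone is generic)."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            return NOTE_MARKER.lower() in fh.read(65536).lower()
    except OSError:
        return False


def triage(root):
    """Walk root; return {directory: {"encrypted": [...], "note": bool}} for hits."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_SUFFIX))
        note = any(f.lower() == NOTE_NAME and note_matches(os.path.join(dirpath, f))
                   for f in files)
        if encrypted or note:
            findings[dirpath] = {"encrypted": encrypted, "note": note}
    return findings


def build_sample_tree(root):
    """Constructed sample data: one affected folder, one clean folder."""
    hit, clean = os.path.join(root, "docs"), os.path.join(root, "clean")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("report.pdf.anon", "photo.JPG.ANON"):
        open(os.path.join(hit, name), "wb").close()
    with open(os.path.join(hit, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("Open Telegram and Come @TeamDarkAnon\n")
    with open(os.path.join(clean, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("unrelated readme\n")      # same file name, benign content
    open(os.path.join(clean, "notes.txt"), "wb").close()
    return hit, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, info in triage(tmp).items():
            print(folder, len(info["encrypted"]), "encrypted files, note:", info["note"])
```

Checking the note's content as well as its name keeps an unrelated 'read_it.txt' from being reported as a hit.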