Termit Ransomware Description
The Termit Ransomware is a crypto locker that has been created by using the code of another threat called Dcrtr Ransomware with as few modifications as possible. In fact, the main aspects that differentiate Termit are the extension it uses for the encrypted files and the communication channels it provides for its victims.
The Termit Ransomware is still extremely threatening, though. It can lock users out of their computers effectively by rendering nearly all of the files on them unusable. The strong encryption algorithm ensures that the data will not be restored through any brute-force attempts. Affected files will have the email address 'firstname.lastname@example.org,' followed by the extension '.termit' appended to their original filenames. The ransom note is delivered in the form of text files named 'ReadMe_Decryptor.txt' that will be dropped in every folder that has encrypted files in it.
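The two file-system indicators described above (the '.termit' extension and the 'ReadMe_Decryptor.txt' note) can be used to scope the damage on a mounted volume or backup. The following is an added example, not code from this page or from any vendor; the function names are hypothetical and the sample file names are constructed. It matches only on the extension and the note name and assumes nothing about how the contact address is embedded in the renamed files.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "readme_decryptor.txt"  # 'ReadMe_Decryptor.txt' from this page, lower-cased
LOCKED_EXT = ".termit"              # extension named on this page


def scan_tree(root):
    """Map each directory holding a ransom note or a .termit file to what was found."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):  # os.walk does not follow symlinks by default
        locked = sorted(f for f in files if f.lower().endswith(LOCKED_EXT))
        note = any(f.lower() == NOTE_NAME for f in files)
        if locked or note:
            hits[dirpath] = {"note": note, "locked": locked}
    return hits


def summarize(hits):
    """Totals for scoping, plus directories where only one of the two indicators appears."""
    return {
        "affected_dirs": len(hits),
        "locked_files": sum(len(h["locked"]) for h in hits.values()),
        "note_only": sorted(d for d, h in hits.items() if h["note"] and not h["locked"]),
        "locked_without_note": sorted(d for d, h in hits.items() if h["locked"] and not h["note"]),
    }


def build_sample(root):
    """Constructed sample tree: empty files with invented names, not real samples."""
    layout = {
        "docs": ["report.docx.CONTACT-PLACEHOLDER.termit", "ReadMe_Decryptor.txt"],
        "photos": ["img001.jpg.CONTACT-PLACEHOLDER.TERMIT"],
        "clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        (Path(root) / folder).mkdir(parents=True)
        for name in names:
            (Path(root) / folder / name).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        hits = scan_tree(tmp)
        for directory, found in sorted(hits.items()):
            print(directory, found)
        print(summarize(hits))
```

Matching is case-insensitive because Windows file systems usually are. A directory listed under `locked_without_note` may indicate that encryption was interrupted or that the note was already cleaned up.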
The hackers' instructions are rather brief. They simply tell their victims to establish communication by sending a message to the 'email@example.com' email address. If there is no response, a secondary email at 'firstname.lastname@example.org' is also provided. Jabber could also be used, but the criminals warn they may not see the message immediately. All of the communication should be in English. Victims of the Termit Ransomware are told that they can send files that do not exceed 500KB to be decrypted for free.
The original text of the ransom note found in the 'ReadMe_Decryptor.txt' files is:
'For decryption write here - email@example.com (Write only in English)
If you do not receive an answer write here - firstname.lastname@example.org
Jabber contact for online communication (not always available, but I will answer as I see) - email@example.com (xmpp.jp - registration, Web client - hxxps://Web.xabber.com )
Don't modify the files - you will ruin them. Test decryption < 500 kb (not databases and important files, only for demonstration of decryption).'