Venomous Ransomware

Venomous Ransomware Description

Venomous is a ransomware threat that infosec researchers have detected in the wild. It can severely impact the computers it manages to infiltrate by initiating an encryption process with a strong cryptographic algorithm. Affected users suddenly lose access to nearly all of their private or work-related data. The locked files have '.venomous' appended to their original names. So far, Venomous Ransomware has not been classified as part of any existing malware family, which could mean that it is fairly unique.

Venomous Ransomware's Note

When the threat has finished encrypting the user's data, it delivers its ransom message. The instructions from the cybercriminals behind the Venomous Ransomware are placed inside a newly generated text file named 'SORRY-FOR-FILES.txt'. According to the note itself, the ransomware uses the AES-256 algorithm to encrypt files. The note also warns against renaming the locked files, claiming that doing so could lead to irreversible damage.

Users are directed towards a dedicated leak site hosted on the Tor network. There, the Venomous Ransomware hackers promise to upload an unlocked sample file. Victims then have one chance to download the file and see whether it was indeed decrypted properly. However, to get the key and restore the rest of the data, they are supposed to pay a ransom in Bitcoin. For additional details regarding the payment, the note lists a Telegram account and the 'venomous.files@tutanota.com' email address.

The full text of the ransom note is:

'What happened to your files?

All of your important files encrypted with AES-256 , is a powerful cryptography algorithm
For more information you can use Wikipedia.
Don't rename or edit encrypted files because it will be impossible to decrypt your files

How to recover files????

Your main guarantee is the ability to decrypt test files.
This means that we can decrypt all your files after paying the ransom.

You can upload a sample encrypted file on our site.
And your file will be decrypted. You can download it to test
You can only decrypt the sample file once.
This is to trust us that all your files will be decrypted
Be careful not to change the name before uploading the encrypted file.

*** You need ti install Tor Browser ***
To access a . onion address, you'll need to access it through the Tor Browser.
You can download tor browser from hxxps://www.torproject.org/download

Our site address: hxxp://3udp4kspxiirvxop.onion/

*** send us a message in the Telegram messager ***
After sending bitcoins to us. We will send you your private key decryption program
For Trust You can Send us Test Files And We Decrypt That And Send To You.
To install Telegram, you can search in Google. Download Telegram.
Telegram website: hxxps://telegram.org
Telegram ID : hxxps://t.me/venomous_support
Your unique Id :

*** If telegram was not available for any reason ***
You can email us your encrypted sample file for decryption
Our email address: venomous.files@tutanota.com
Your unique Id :

**** What is Bitcoin? ***
Bitcoin is an innovative payment network and a new kind of money.
You can create a Bitcoin account at https://blockchain.info/ and deposit some money into your account and then send to us

*** How to buy Bitcoin? ***
There are Many way to buy Bitcoin and deposit it into your account,
You can buy it with WesternUnion, Bank Wire, International Bank transfer, Cash deposit and etc
hxxps://localbitcoins.com ---> Buy Bitcoin with WesternUnion or MoneyGram
hxxps://coincafe.com ---> Buy Bitcoin fast and Secure with WesternUnion and Cash deposit
hxxps://www.bitstamp.net ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment
hxxps://www.kraken.com ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment
hxxps://www.kraken.com ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment
hxxps://www.ccedk.com ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment
hxxps://bitcurex.com/ ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment

If you want to pay with your Business bank account you should create a business account in exchangers they don't accept payment from third party.'
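For incident scoping, the artifacts described above (the '.venomous' extension, the 'SORRY-FOR-FILES.txt' note and the contact strings quoted in it) can be searched for across a file share or disk image. The script below is an added example, not code from the original page; the function names and report layout are hypothetical, and using file modification time as an estimate of when encryption began is an assumption.

```python
import os
from datetime import datetime, timezone

ENCRYPTED_EXT = ".venomous"        # extension appended to locked files (from the page)
NOTE_NAME = "SORRY-FOR-FILES.txt"  # ransom note file name (from the page)
# Strings quoted in the note; they confirm that a file with the note's name is one.
NOTE_MARKERS = ("venomous.files@tutanota.com", "3udp4kspxiirvxop.onion",
                "t.me/venomous_support")

def is_ransom_note(path, max_bytes=65536):
    """Return True if the file contains at least one marker from the published note."""
    try:
        with open(path, "rb") as fh:
            text = fh.read(max_bytes).decode("utf-8", errors="ignore").lower()
    except OSError:
        return False  # unreadable or missing: cannot confirm
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Walk root and summarise Venomous artifacts (hypothetical report layout)."""
    report = {"notes": [], "unconfirmed_notes": [], "encrypted": {}, "first_seen": None}
    earliest = None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                key = "notes" if is_ransom_note(full) else "unconfirmed_notes"
                report[key].append(full)
            elif name.lower().endswith(ENCRYPTED_EXT):
                # Count locked files per directory to show how far the damage spread.
                report["encrypted"][dirpath] = report["encrypted"].get(dirpath, 0) + 1
                try:
                    mtime = os.stat(full).st_mtime
                except OSError:
                    continue
                if earliest is None or mtime < earliest:
                    earliest = mtime
    if earliest is not None:
        # Assumption: the oldest mtime among locked files approximates encryption start.
        report["first_seen"] = datetime.fromtimestamp(earliest, timezone.utc).isoformat()
    return report

if __name__ == "__main__":
    import json
    import sys
    print(json.dumps(triage(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```

Run it read-only against a mounted image or share; a file that has the note's name but none of the marker strings is reported separately under `unconfirmed_notes` for manual review.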