Watch Ransomware

Cybercriminals are leveraging another threatening Dharma ransomware variant to lock the data of their victims. The threat is being tracked as the Watch Ransomware and its impact on the infected devices could be significant. Affected users could be put in a situation where they can no longer access any of their personal or business-related files - documents, archives, databases, PDFs, images, etc. Due to the cryptographic algorithm used in the encryption of the files, restoration of the data is practically impossible without the proper decryption keys.

The Watch Ransomware exhibits the typical behavior associated with Dharma variants. The threat will generate an ID string for the specific victim and add it to the names of the locked files. In addition, the 'watch@msgden.net' email address and '.watch' will also be appended to the original names of the processed files. Victims will then be left with two ransom notes. One will be dropped on the desktop of the breached device as a text file named 'info.txt', while the other will be shown in a new pop-up window.

The text file delivers just a couple of lines to the affected victims, mainly instructing them to contact either the 'watch@msgden.net' email or a secondary address at 'watch@mykolab.ch'. The information in the pop-up window also lacks many important details. It just mentions the same two email addresses, while also warning users not to rename the locked files or try to use third-party software tools or services to decrypt them.
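
For incident scoping, the renaming scheme and note name described above can be matched against a file listing. The following is an added example, not code from this entry or from any vendor tool; it assumes the usual Dharma layout `<original>.id-<ID>.[<email>].watch`, which the entry does not spell out, and the function names and sample paths are constructed for illustration.

```python
import re
from collections import defaultdict

# Indicators stated on the page.
CONTACT_EMAILS = {"watch@msgden.net", "watch@mykolab.ch"}
EXTENSION = ".watch"
NOTE_NAME = "info.txt"

# ASSUMPTION: usual Dharma layout "<original>.id-<ID>.[<email>].watch".
# The page only says that an ID, the email and '.watch' are added to the name.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z-]+)"
    r"\.\[(?P<email>[^\]]+)\]" + re.escape(EXTENSION) + r"$",
    re.IGNORECASE)

def classify(path):
    """Return a finding for one path, or None when no indicator matches."""
    name = re.split(r"[\\/]", path)[-1]  # Windows and POSIX separators
    m = RENAMED.match(name)
    if m:
        return {"kind": "encrypted", "path": path,
                "original": m.group("original"),
                "victim_id": m.group("victim_id").upper(),
                "known_email": m.group("email").lower() in CONTACT_EMAILS}
    if name.lower() == NOTE_NAME:
        # Common file name: corroborating evidence only, not proof by itself.
        return {"kind": "note", "path": path}
    if name.lower().endswith(EXTENSION):
        # Right extension, unexpected layout: keep for manual review.
        return {"kind": "suspect", "path": path}
    return None

def triage(paths):
    """Group findings per victim ID so the affected hosts can be scoped."""
    report = {"by_id": defaultdict(list), "notes": [], "suspect": []}
    for path in paths:
        f = classify(path)
        if f and f["kind"] == "encrypted":
            report["by_id"][f["victim_id"]].append(f)
        elif f:
            report["notes" if f["kind"] == "note" else "suspect"].append(path)
    return report

# Constructed sample listing (not real incident data).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-1E857D00.[watch@msgden.net].watch",
    "/srv/share/db/backup.sql.id-1e857d00.[watch@msgden.net].watch",
    r"C:\Users\alice\Desktop\info.txt",
    r"C:\Users\alice\Videos\clip.watch",
]
```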

The cybercriminals' message shown in a pop-up window is:

'YOUR FILES ARE ENCRYPTED
watch@msgden.net
Don't worry, you can return all your files!
If you want to restore them, write to the mail: watch@msgden.net YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:watch@mykolab.ch
ATTENTION!
We recommend you contact us directly to avoid overpaying agents
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
'

The text file delivers the following information:

'all your data has been locked us
You want to return?
write email watch@msgden.net or watch@mykolab.ch
'
