WOLF Ransomware

WOLF Ransomware is part of the Dharma malware family. The threat may be just another variant with no further improvements, but its potential to cause damage should not be underestimated. It aims to infiltrate the user's computer and lock the files stored there with a strong encryption algorithm. Afterward, the affected users are extorted for money in exchange for the decryption key and software tool held by the attackers.

Whenever the threat encrypts a file, it changes that file's original name following the usual pattern observed in Dharma variants. First, an ID string assigned to the specific victim is appended. Then, an email address under the control of the hackers is added, and finally '.WOLF' is placed as the new file extension. The email address used in the names of the encrypted files is 'seawolf@onionmail.org.' The instructions to the victims are delivered as two separate ransom notes.

WOLF Ransomware's Demands

Inside the text files named 'info.txt,' the hackers place just a couple of sentences. They tell the victims to contact the 'seawolf@onionmail.org' and 'seawolf@msgsafe.io' email addresses for more details. A longer note, albeit one that also lacks much of the important information usually present in these ransom notes, is displayed in a pop-up window. It contains mostly warnings, such as not to rename the locked files, as doing so could lead to irreversible damage. The same two email addresses are also present here.
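For incident response, the renaming pattern and the 'info.txt' note name described above can be turned into a triage pass over a file listing. The following is an added example, not code from the original page; it assumes the usual Dharma layout `<original name>.id-<victim ID>.[<email>].WOLF`, which the page does not spell out, and the paths in `SAMPLE_LISTING` are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: usual Dharma layout, not spelled out on the page:
#   <original name>.id-<victim ID>.[<email>].WOLF
WOLF_EMAIL = "seawolf@onionmail.org"  # address the page reports in file names
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z-]+)"
    r"\.\[" + re.escape(WOLF_EMAIL) + r"\]\.WOLF$",
    re.IGNORECASE,
)
NOTE_NAME = "info.txt"  # generic name: a lead to review, not proof on its own

SAMPLE_LISTING = [  # constructed sample paths
    r"C:\Users\ana\Documents\Q3 report.xlsx.id-1E857D00.[seawolf@onionmail.org].WOLF",
    r"C:\Users\ana\Pictures\site.plan.v2.png.id-1E857D00.[seawolf@onionmail.org].wolf",
    r"C:\Users\ana\Desktop\info.txt",
    r"C:\Users\ana\Documents\wolf-pack-notes.docx",
    r"C:\Users\ana\Documents\budget.xlsx.WOLF",
]


def triage(paths):
    """Sort a file listing into encrypted files, ransom notes and review items.

    Returns (encrypted, notes, review):
      encrypted: {victim ID: [(path as found, path before renaming), ...]}
      notes:     paths named info.txt
      review:    paths ending in .WOLF that do not carry the full marker
    """
    encrypted, notes, review = defaultdict(list), [], []
    for raw in paths:
        p = PureWindowsPath(raw)
        m = RENAMED.match(p.name)
        if m:
            # Greedy 'original' keeps dots inside the real file name intact.
            restored = str(p.with_name(m["original"]))
            encrypted[m["victim_id"].upper()].append((raw, restored))
        elif p.suffix.lower() == ".wolf":
            review.append(raw)
        elif p.name.lower() == NOTE_NAME:
            notes.append(raw)
    return dict(encrypted), notes, review


if __name__ == "__main__":
    for victim, files in triage(SAMPLE_LISTING)[0].items():
        print(victim, len(files), "encrypted file(s)")
```

The recovered names are useful for scoping what was hit and for matching against backups; they do not restore file contents.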

The full text of the pop-up note is:

'YOUR FILES ARE ENCRYPTED
1024
Don't worry, you can return all your files!
If you want to restore them, write to the mail: seawolf@onionmail.org YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:seawolf@msgsafe.io
ATTENTION!
We recommend you contact us directly to avoid overpaying agents
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

The text files contain the following message:

all your data has been locked us
You want to return?
write email seawolf@onionmail.org or seawolf@msgsafe.io'
