Zhirinovsky Ransomware

The infosec community has detected a new ransomware threat that has been released in the wild. The threat is being tracked as the Zhirinovsky Ransomware and is capable of causing serious damage to the computer systems it infects. Victims will find that nearly all of their files have become both inaccessible and unusable. The threat is able to lock a large number of different file types, including PDFs, documents, archives, databases and more.

During the encryption process, the threat appends '.Zhirinovsky' to the original names of the locked files as a new extension. The attackers' instructions are then delivered to the breached system in the form of a text file. The name of the file carrying Zhirinovsky's ransom note is '#Decrypt#.txt'.

Demands Overview

According to the note, the cybercriminals responsible for the Zhirinovsky Ransomware have also managed to collect sensitive private data from the compromised systems. They now threaten to either sell that information or release it for free on the Dark Web. To prevent this outcome, victims are expected to contact the hackers within 72 hours following the ransomware attack.

For that purpose, the ransom note mentions two different communication channels. The first one is via the ICQ application, with victims instructed to message '@Zhirinovsky'. The alternative option is to contact 'Zhirinovsky Decryption' via Skype.

The full text of the note is:

'Hello my dear friend
Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
If you want to restore them, install ICQ software on your PC hxxps://icq.com/windows/ or on your mobile phone search in Appstore / Google market ICQ
Write to our ICQ @Zhirinovsky hxxps://icq.im/supersusdecryption
Skype Zhirinovsky Decryption
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
We are always ready to cooperate and find the best way to solve your problem.
The faster you write, the more favorable the conditions will be for you.
Our company values its reputation. We give all guarantees of your files decryption
IF WE DONT SEE MESSAGES FROM YOU IN 72 HOURS - WE WILL SELL YOUR DATABASES AND IMPORTANT INFORMATION TO YOUR COMPETITORS,AFTER YOU WILL SEE IT AT OPEN SOURCE AND DARKNET
tell your unique ID
'
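
The two on-disk indicators described above (the '.Zhirinovsky' extension and the '#Decrypt#.txt' note) are enough for a first triage pass during incident response. The following Python script is an added example, not part of the original article; the function names are hypothetical, the sample tree is constructed, and treating the oldest note's modification time as the start of the 72-hour window is an assumption.

```python
import os
import tempfile
from datetime import datetime, timedelta, timezone

# Indicators taken from the article text.
LOCKED_EXT = ".zhirinovsky"           # extension appended to encrypted files
NOTE_NAME = "#decrypt#.txt"           # ransom note file name
CONTACT_WINDOW = timedelta(hours=72)  # deadline stated in the note


def triage(root):
    """Walk root and summarise Zhirinovsky indicators for incident response."""
    locked_by_dir, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # compare lowercased so case variants still match
            if lowered == NOTE_NAME:
                notes.append(os.path.join(dirpath, name))
            elif lowered.endswith(LOCKED_EXT):
                locked_by_dir[dirpath] = locked_by_dir.get(dirpath, 0) + 1
    report = {
        "locked_total": sum(locked_by_dir.values()),
        "locked_by_dir": locked_by_dir,   # shows which shares or folders were hit
        "notes": sorted(notes),
        "first_note_utc": None,
        "contact_deadline_utc": None,
    }
    if notes:
        # Assumption: the oldest note's mtime approximates when encryption began.
        first = min(os.path.getmtime(p) for p in notes)
        first_dt = datetime.fromtimestamp(first, tz=timezone.utc)
        report.update(first_note_utc=first_dt, contact_deadline_utc=first_dt + CONTACT_WINDOW)
    return report


def build_sample_tree(root):
    """Create a constructed sample tree (not real victim data) for a dry run."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("report.pdf.Zhirinovsky", "db.sql.ZHIRINOVSKY", "#Decrypt#.txt", "clean.txt"):
        with open(os.path.join(docs, name), "w") as fh:
            fh.write("constructed sample")
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Run it read-only against a mounted image or a file share rather than the live host, so the file timestamps it relies on are not disturbed.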
