- Jul 22, 2014
- 2,525
If you want to know what some ransomware developers think about the USA, you can get a good idea from the ransom note of the Sanctions Ransomware that was released in March. Dubbed Sanctions Ransomware due to the image in the ransom note, the developer makes it fairly obvious how they feel about the USA and their attempts to sanction Russia.
I was tipped off about this new ransomware after someone was infected and had their files encrypted with the .wallet extension. This extension is typically associated with the Crysis/Dharma ransomware, but according to Michael Gillespie, the creator of ID-Ransomware, the files encrypted by Sanctions do not contain the standard Dharma/Crysis file markers as shown below
....
....
As this is a very large ransom payment and due to the fact that this ransomware is not in wide circulation, it leads me to believe that this ransomware developer may be conducting targeted attacks.
Unfortunately, this is all the information we have at this time.
........
I was tipped off about this new ransomware after someone was infected and had their files encrypted with the .wallet extension. This extension is typically associated with the Crysis/Dharma ransomware, but according to Michael Gillespie, the creator of ID-Ransomware, the files encrypted by Sanctions do not contain the standard Dharma/Crysis file markers as shown below
....
....
As this is a very large ransom payment and due to the fact that this ransomware is not in wide circulation, it leads me to believe that this ransomware developer may be conducting targeted attacks.
Unfortunately, this is all the information we have at this time.
........