A new strain of file-encrypting malware was spotted in the wild by independent security researcher Petrovic.
The new strain is called the Agenda ransomware and it does not seem to belong to any of the big families of ransomware clones. The malware appends the ".OnHnnBvUej" extension to the files it encrypts, so a file previously called "document.txt" becomes "document.txt.OnHnnBvUej" once it has been encrypted.
The ransomware encrypts the vast majority of files found on the targeted system, including most media, archive and document extensions.
The ransom note is dropped inside a file with a name generated for each instance, following this pattern: "[random_string]-RECOVER-README.txt".
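The two file-system indicators described above (the appended extension and the ransom note name pattern) can be used to scope the damage on a mounted volume. The following triage script is an added example, not code from the original write-up; the function names and the character class assumed for the random part of the note name are illustrative.

```python
import os
import re
from collections import Counter, defaultdict

# Indicators taken from the write-up above.
ENCRYPTED_EXT = ".OnHnnBvUej"
# "[random_string]-RECOVER-README.txt"; the character class used for the
# random part is an assumption, the write-up does not describe it.
NOTE_RE = re.compile(r"^[A-Za-z0-9_]+-RECOVER-README\.txt$")


def triage(root):
    """Walk `root` and return {directory: {"notes": [...], "encrypted": [...]}}.

    "encrypted" holds (current_name, original_name) pairs, where the original
    name is the current name with the appended extension stripped.
    """
    hits = defaultdict(lambda: {"notes": [], "encrypted": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if NOTE_RE.match(name):
                hits[dirpath]["notes"].append(name)
            elif name.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                original = name[: -len(ENCRYPTED_EXT)]
                hits[dirpath]["encrypted"].append((name, original))
    return dict(hits)


def summarize(hits):
    """Return (sorted ransom note paths, Counter of original extensions hit)."""
    notes = sorted(os.path.join(d, n) for d, h in hits.items() for n in h["notes"])
    by_ext = Counter(
        os.path.splitext(original)[1].lower()
        for h in hits.values()
        for _current, original in h["encrypted"]
    )
    return notes, by_ext


if __name__ == "__main__":
    import sys

    found = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    notes, by_ext = summarize(found)
    print(f"{sum(by_ext.values())} renamed file(s), {len(notes)} ransom note(s)")
    for ext, count in by_ext.most_common():
        print(f"  {ext or '(no extension)'}: {count}")
    for path in notes:
        print(f"  note: {path}")
```

Run it read-only against a forensic image or a mounted copy of the affected volume so that the encrypted files are not modified.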
The ransom note's text is as follows:
-- Agenda
Your network/system was encrypted.
Encrypted files have new extension.
-- Compromising and sensitive data
We have downloaded compromising and sensitive data from you system/network
If you refuse to communicate with us and we do not come to an agreement, your data will be published.
Data includes:
- Employees personal data, CVs, DL, SSN.
- Complete network map including credentials for local and remote services.
- Financial information including clients data, bills, budgets, annual reports, bank statements.
- Complete datagrams/schemas/drawings for manufacturing in solidworks format
- And more...
-- Warning
1) If you modify files - our decrypt software won't able to recover data
2) If you use third party software - you can damage/modify files (see item 1)
3) You need cipher key / our decrypt software to restore you files.
4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions.
-- Recovery
1) Download tor browser: hxxps://www.torproject.org/download/
2) Go to domain
3) Enter credentials
-- Credentials
Extension: -
Domain:
login: -
password: -(EXTRA string=same as login)