Colambia Ransomware Joins ZEPPELIN Family of Clones
Colambia is a new ransomware variant that belongs to the relatively unknown family of ZEPPELIN ransomware clones.
The new variant was discovered in August 2022 and it works as you would expect. Colambia encrypts files and leaves them unusable. Once encrypted, files receive a new extension composed of the ".colambia" string and the victim's alphanumeric ID.
This means that if a file was named "rainbow.jpg" before encryption, it would turn into "rainbow.jpg.colambia.[alphanumeric string]" once encrypted.
The ransomware's encryption algorithm will affect most media, document, database and archive file types.
When encryption completes, the ransom demands are deposited inside a text file named "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT". The full contents of the ransom note are as follows:
!!! ALL YOUR FILES ARE ENCRYPTED !!!
All your files, documents, photos, databases and other important files are encrypted.
You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.
To be sure we have the decryptor and it works you can send an email: royroy at cock dot li and decrypt one file for free.
But this file should be of not valuable!
Do you really want to restore your files?
Write to email: royroy at cock dot li
Reserved email: colambia at tutanota dot com
1. Visit hxxps://tox.chat/download.html
2. Download and install qTOX on your PC.
3. Open it, click "New Profile" and create profile.
4. Click "Add friends" button and search our contact - [alphanumeric string]
Your personal ID: -
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.