FirstKill Ransomware Seemingly Made by Polish Threat Actor
FirstKill is the name of a newly discovered ransomware strain. It does not seem to belong to one of the bigger, popular ransomware families.
FirstKill will encrypt the victim system, leaving almost every file on it scrambled. The encryption process will affect practically every file that is not system-essential and will include executables, document and archive file types.
Once encrypted, the files receive the ".FirstKill" extension appended past their original one. This means that a file originally called "document.txt" will turn into "document.txt.FirstKill" once it gets encrypted.
The FirstKill ransomware drops its ransom note inside a file named "CO_SIĘ_STAŁO.html", which is Polish for "what happened". This strongly implies that the ransomware is authored and operated by a threat actor based in Poland.
There is no known decryption tool for the FirstKill ransomware at this time and the only viable option for recovering files encrypted by it remains to revert to backup copies from external storage.