GetAnAntivirus Ransomware Tries to Be Funny
A new strain of ransomware using rehashed Chaos ransomware code was discovered in the wild. The new variant has the somewhat humorous name GetAnAntivirus ransomware.
The GetAnAntivirus ransomware encrypts files as all Chaos clones do. Affected extensions include all widely used media, archive, document and database files. Once encrypted, files receive the ".GetAnAntivirus" extension. This will transform a file called "archive.zip" into "archive.zip.GetAnAntivirus" upon encryption.
The ransomware deposits its ransom demands inside a file named "read_it.txt" and changes the system wallpaper to an image of one of the earliest scary, clown-like faces belonging to the "creepypasta" category of images. The ransomware author seems to fancy themselves a bit of a joker and entertainer too, given the contents of the ransom note. Here is the note in full:
Hi I´m Your Mum,
Ok no, I'm actually a Virus and Your PC is now mine. (btw I encrypted all your files)
Don't worry, you can get them back.
How can you get them back?
Well,...
You must follow these steps To decrypt your files :
Write on our e-mail: AnnaSenpai947603 at proton dot me.
Get some Bitcoins, because to get your files back, you have to pay 500$ to my Wallet.
(by the way it's [alphanumeric string])
Send us a proof, that you sent the money. (Screenshot, etc.)
Pro tip:
Get a good Antivirus (My Choise: MalwareBytes)
It seems with ransomware code more easily accessible and with ransomware-as-a-service being prevalent too, every 16-year-old script kiddie can throw together their own ransomware clone. Of course, negotiations with criminals, even if it’s over a small sum like $500, is never advisable.