Miami44 Ransomware

The Miami44 ransomware is a new strain of file-encrypting malware that belongs to the broader Chaos ransomware family.

The Miami44 ransomware behaves as expected: it encrypts the majority of files on a target system, leaving them scrambled and unreadable. Affected file types include most media formats, documents and archives, as well as databases.

Once encryption is complete, the ransomware appends a new extension after the original one. The new extension consists of four random alphanumeric characters. For example, a file originally called "document.docx" might become something like "document.docx.j7td".

The ransom note is dropped in a file called "README.txt" and asks for payment in cryptocurrency.
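The two artifacts described above (a four-character alphanumeric extension appended after the original one, and a "README.txt" note) can be combined into a simple triage check over a file listing. This is an added example, not code from the original article; the extension lists, the min_hits threshold and the sample paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Assumption: a small sample of the file types the article says are affected.
TARGET_EXTS = {"docx", "xlsx", "pdf", "jpg", "png", "mp4", "zip", "sql", "mdb"}
# Assumption: common legitimate four-character suffixes that should not count.
BENIGN_SUFFIXES = {"orig", "part", "lock", "temp", "json", "html", "back"}
# <name>.<original extension>.<4 alphanumerics>, e.g. document.docx.j7td
RENAMED = re.compile(r"^.+\.([A-Za-z0-9]{2,5})\.([A-Za-z0-9]{4})$")


def is_renamed(filename):
    """True if filename looks like <name>.<known ext>.<4 alphanumerics>."""
    m = RENAMED.match(filename)
    if not m:
        return False
    inner, suffix = m.group(1).lower(), m.group(2).lower()
    return inner in TARGET_EXTS and suffix not in BENIGN_SUFFIXES


def suspect_dirs(paths, min_hits=3):
    """Return {directory: [renamed files]} for directories that hold a
    README.txt and at least min_hits files matching the rename pattern."""
    hits, has_note = defaultdict(list), set()
    for raw in paths:
        p = PurePosixPath(raw.replace("\\", "/"))  # accept Windows separators
        parent = str(p.parent)
        if p.name.lower() == "readme.txt":
            has_note.add(parent)
        elif is_renamed(p.name):
            hits[parent].append(p.name)
    return {d: sorted(f) for d, f in hits.items()
            if d in has_note and len(f) >= min_hits}

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\ana\Documents\document.docx.j7td",
    r"C:\Users\ana\Documents\budget.xlsx.Q2m9",
    r"C:\Users\ana\Documents\scan.pdf.0xkP",
    r"C:\Users\ana\Documents\README.txt",
    r"C:\Users\ana\Projects\README.txt",       # ordinary project readme
    r"C:\Users\ana\Projects\schema.sql.orig",  # benign four-character suffix
    r"C:\Users\ana\Projects\notes.tar.gz",
    r"C:\Users\ana\Pictures\photo.jpg.a1b2",   # pattern match, but no note
]

if __name__ == "__main__":
    print(suspect_dirs(SAMPLE))
```

A "README.txt" on its own is common, so the check only flags a directory when the note and several renamed files appear together.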

The full text of the ransom note is as follows:

Oh no! Your files are encrypted!

Don't worry, you can send us ONLY 3 Encrypted files of yours and we decrypt them.

To get the Decryptor, please read the instructions below.

You must follow these steps To decrypt your files :   

Write on our e-mail :miami44 at gmailvn dot net ( In case of no answer in 24 hours check your spam folder).

Obtain Bitcoin (You have to pay for decryption in Bitcoins.

After payment we will send you the tool that will decrypt all your files.)

The ransom amount is not disclosed. It is never a good idea to barter with criminals or try to negotiate a ransom, and the best way to restore affected files remains an offline backup.

May 30, 2022