ADMON Ransomware Will Lock Your System


While examining submissions of new malware files, our team of malware researchers came across ADMON ransomware, which exhibits distinctive characteristics. This ransomware encrypts files and modifies their filenames by appending the extension ".ADMON". Furthermore, it leaves behind a ransom note labeled "RESTORE_FILES_INFO.txt".

For instance, a file originally named "1.jpg" would be transformed into "1.jpg.ADMON", while "2.png" would become "2.png.ADMON", and so on.

The ransom note serves to inform the victims about the extent of the attack on their network. It states that their computers and servers have been locked, and their private data has been exfiltrated by the attackers. The stolen data encompasses various types, such as contracts, customer information, financial data, HR records, databases, and more.

To coerce the victims into complying with their demands, the attackers threaten to publicly expose all the acquired data unless the victims establish contact within a three-day timeframe. The note concludes by providing instructions on how to reach the attackers and outlines the benefits the victims would receive if they comply. These benefits include full decryption of their machines, deletion of their data from the attackers' servers, recommendations for fortifying their network perimeter, and an assurance of complete confidentiality regarding the incident.

ADMON Uses Overly Lengthy Ransom Note

The full text of the ADMON ransom note goes as follows:

What happened?

Your network was ATTACKED, your computers and servers were LOCKED,
Your private data was DOWNLOADED:

  • Contracts
  • Customers data
  • Finance
  • HR
  • Databases
  • And more other…

What does it mean?

It means that soon mass media, your partners and clients WILL KNOW about your PROBLEM.

How it can be avoided?

In order to avoid this issue,
you are to COME IN TOUCH WITH US no later than within 3 DAYS and conclude the data recovery and breach fixing AGREEMENT.

What if I do not contact you in 3 days?

If you do not contact us in the next 3 DAYS we will begin DATA publication.
We will post information about hacking of your company on our twitter hxxps:// or hxxps://

I can handle it by myself

It is your RIGHT, but in this case all your data will be published for public USAGE.

I do not fear your threats!

That is not the threat, but the algorithm of our actions.
If you have hundreds of millions of UNWANTED dollars, there is nothing to FEAR for you.
That is the EXACT AMOUNT of money you will spend for recovery and payouts because of PUBLICATION.
You are exposing yourself to huge penalties with lawsuits and government if we both don't find an agreement.
We have seen it before cases with multi million costs in fines and lawsuits,
not to mention the company reputation and losing clients trust and the medias calling non-stop for answers.

You have convinced me!

Then you need to CONTACT US, there is few ways to DO that.

---Secure method---

a) Download a qTOX client: hxxps://
b) Install the qTOX client and register account
c) Add our qTOX ID: 671263E7BC06103C77146A5ABB802A63 F53A42B4C4766329A5F04D2660C99A3611635CC36B3A
d) Write us extension of your encrypted files .ADMON

Our LIVE SUPPORT is ready to ASSIST YOU on this chat.

What will I get in case of agreement

You WILL GET full DECRYPTION of your machines in the network, DELETION your data from our servers,
RECOMMENDATIONS for securing your network perimeter.


How is Ransomware Like ADMON Distributed Online?

These are some of the most common methods used to distribute ransomware like ADMON:

  • Phishing Emails: Cybercriminals send deceptive emails that appear legitimate, often impersonating trusted organizations or individuals. These emails may contain malicious attachments or include links to websites hosting ransomware. Once users interact with these elements, the ransomware is downloaded and executed on their systems.
  • Malicious Websites: Attackers may create malicious websites or compromise legitimate ones to distribute ransomware. Unsuspecting users may visit these websites or click on malicious advertisements, leading to the automatic download and installation of the ransomware onto their devices.
  • Exploit Kits: Cybercriminals may utilize exploit kits, which are tools that take advantage of vulnerabilities in software or operating systems. When users visit compromised websites, the exploit kit scans their system for vulnerabilities and deploys the ransomware if a suitable vulnerability is found.
  • Remote Desktop Protocol (RDP) Attacks: Ransomware can also be distributed by exploiting weak or poorly secured RDP connections. Attackers can gain unauthorized access to a system through RDP and manually install the ransomware or use automated tools to deploy it.

It's important to note that ransomware distribution methods evolve over time as cybercriminals adapt their tactics. To stay protected, it's crucial to maintain up-to-date security software, exercise caution when opening email attachments or clicking on links, regularly update your operating system and applications, and implement strong security practices such as using complex passwords and enabling two-factor authentication.

May 17, 2023

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.