Anonymous Ransomware Expands Chaos Family of Clones to Encrypt Data
While scanning online threat databases, we ran into a new form of ransomware that is called simply "Anonymous". This ransomware, which is built on the Chaos ransomware code, encrypts all files, attaches its extension (consisting of four random characters) to each filename, changes the desktop background, and displays a ransom note in a file called "for dencrypt".
For instance, a file named "1.jpg" would be renamed as "1.jpg.4h9n", while "2.doc" would become "2.doc.nh54".
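The rename pattern and note name described above can be turned into a triage check over a file listing. This is an added example, not part of the original article; the extension lists, the `min_hits` threshold, the optional note extension, and the sample paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath  # parses both "\" and "/" separators

# Assumption: original extensions worth checking; extend for your environment.
KNOWN_EXTS = {"jpg", "jpeg", "png", "doc", "docx", "xls", "xlsx", "pdf", "txt", "zip"}
# Four-character suffixes that are ordinary extensions, not random strings.
BENIGN_SUFFIXES = {"docx", "xlsx", "pptx", "jpeg", "json", "html", "part", "orig"}
NOTE_STEM = "for dencrypt"  # ransom note name as given in the article
RENAMED = re.compile(
    r"^(?P<orig>.+\.(?P<ext>[A-Za-z0-9]{2,4}))\.(?P<rand>[A-Za-z0-9]{4})$")

def triage(paths, min_hits=3):
    """Return {directory: evidence} for directories matching the described pattern."""
    per_dir = defaultdict(lambda: {"renamed": [], "suffixes": set(), "note": False})
    for raw in paths:
        p = PureWindowsPath(raw)
        entry = per_dir[str(p.parent)]
        # Assumption: the note may carry an extension such as .txt.
        if p.stem.lower() == NOTE_STEM:
            entry["note"] = True
            continue
        m = RENAMED.match(p.name)
        if (not m or m["ext"].lower() not in KNOWN_EXTS
                or m["rand"].lower() in BENIGN_SUFFIXES):
            continue
        entry["renamed"].append((p.name, m["orig"]))
        entry["suffixes"].add(m["rand"].lower())
    findings = {}
    for d, e in per_dir.items():
        # Per-file random suffixes: nearly every hit carries a distinct suffix.
        distinct = len(e["suffixes"]) >= max(2, len(e["renamed"]) // 2)
        bulk = len(e["renamed"]) >= min_hits and distinct
        if (e["note"] and e["renamed"]) or bulk:
            findings[d] = {"note": e["note"], "renamed": sorted(e["renamed"])}
    return findings

# Constructed sample listing (not real telemetry).
SAMPLE = [
    r"C:\Users\u\Pictures\1.jpg.4h9n", r"C:\Users\u\Pictures\2.doc.nh54",
    r"C:\Users\u\Pictures\for dencrypt.txt",
    r"C:\Users\u\Docs\report.doc.docx", r"C:\Users\u\Docs\notes.txt",
    r"C:\Users\u\Backups\a.zip.part",
    r"C:\Users\u\Work\a.pdf.x7k2", r"C:\Users\u\Work\b.xls.q9zz",
    r"C:\Users\u\Work\c.txt.m3p1",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A directory is reported either when the note sits beside at least one renamed file or when several files carry distinct four-character suffixes, so a lone `report.doc.docx` or `a.zip.part` does not trigger it.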
The ransom note alleges that the Anonymous group is aware of the victim's physical location, personal information, and financial details. It also declares that the device has been encrypted and the only way to unlock it is by paying 10 Bitcoins to the designated wallet address. The note threatens that if the ransom is not paid, the stolen information will be publicly disclosed.
The Anonymous ransomware note in full
You are hacked. We are Anonymous.
We know where are you live.We also know your
social media and credit card details. you device
are encrypted.If you wan’t to unlock so pay 10 bitcoin on this address:
17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV
If you wanna to saw us so click this url at darknet
from tor browser watch redroom video live and saw us
who we are.(alphanumeric string).onion
You are hacked
Social engineering and scare tactics in ransomware similar to Anonymous
Social engineering and scare tactics are often used by ransomware such as Anonymous to manipulate and intimidate victims into paying the ransom. These tactics aim to exploit the victim's fear, anxiety, or urgency to regain access to their encrypted data. For example, Anonymous ransomware claims that the attackers know the victim's personal information and location, and threatens to publish sensitive data if the ransom is not paid within a specified timeframe. These scare tactics are designed to increase the pressure on the victim to pay the ransom and prevent them from seeking alternative solutions or contacting law enforcement.
Why you should never pay ransom to hackers similar to the group operating the Anonymous ransomware
Paying the ransom to hackers operating ransomware such as Anonymous is not recommended for several reasons:
- No Guarantee of Decryption: There is no guarantee that paying the ransom will result in the decryption of your files. Hackers have been known to demand additional payments after receiving the initial ransom or simply not provide the decryption key.
- Encourages Criminal Behavior: Paying the ransom only encourages hackers to continue their criminal activities and target more victims in the future.
- Funds Illegal Activities: The money paid as ransom can be used to fund illegal activities, such as drug trafficking, human trafficking, and terrorism.
- Risk of Further Attacks: Once a hacker knows that a victim or an organization is willing to pay the ransom, that victim or organization becomes a target for future attacks.