What is Ash Ransomware?
Ash ransomware is the name of a newly discovered strain of file-encrypting malware. The new strain belongs to the Dcrtr ransomware family of clones.
The Ash ransomware will encrypt almost every file on the system and append a complex new extension to encrypted files. A file called "image.jpg" will turn into "image.jpg.[ashtray@outlookpro.net].ash".
The files the ransomware will encrypt include media files, documents, archive files and databases as well as executables.
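For incident scoping, the naming scheme above can be matched against a file listing to see which directories and file types were hit and which contact address is embedded in the names. The following is an added example, not code from the original page; the function names, the sample paths and the forward-slash path style are assumptions made for illustration.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Naming scheme described on the page: <original name>.[<contact email>].ash
ASH_NAME = re.compile(
    r"^(?P<original>.+)\.\[(?P<email>[^\[\]@\s]+@[^\[\]@\s]+)\]\.ash$",
    re.IGNORECASE,
)

# Constructed sample listing (hypothetical paths, forward slashes assumed).
SAMPLE_LISTING = [
    "/srv/share/photos/image.jpg.[ashtray@outlookpro.net].ash",
    "/srv/share/docs/report[1].DOCX.[ashtray@outlookpro.net].ash",
    "/srv/share/docs/db.sqlite.[ashtray@outlookpro.net].ASH",
    "/srv/share/docs/notes.ash",      # ends in .ash but lacks the [email] part
    "/srv/share/docs/readme.txt",     # untouched file
]

def parse_ash_name(filename):
    """Return (original_name, contact_email) if the name follows the scheme, else None."""
    m = ASH_NAME.match(PurePosixPath(filename).name)
    if m is None:
        return None
    return m.group("original"), m.group("email").lower()

def triage(paths):
    """Count affected files per directory, per original file type and per embedded email."""
    report = {"by_dir": Counter(), "by_type": Counter(),
              "emails": Counter(), "original_names": {}}
    for p in paths:
        parsed = parse_ash_name(p)
        if parsed is None:
            continue
        original, email = parsed
        parent = PurePosixPath(p).parent
        report["by_dir"][str(parent)] += 1
        report["by_type"][PurePosixPath(original).suffix.lower() or "(none)"] += 1
        report["emails"][email] += 1
        # Renaming does not decrypt anything; this mapping is only for
        # matching affected files against backups.
        report["original_names"][p] = str(parent / original)
    return report

if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    for key in ("by_dir", "by_type", "emails"):
        print(key, dict(result[key]))
```
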
Once encryption is complete, the ransomware will display a pop-up message and drop a ransom note inside a text file. The more detailed version of the note is inside the pop-up window, which reads as follows:
Warning!
To recover data, write here:
1) servicemanager at yahooweb dot co
2) servicemanager2020 at protonmail dot com (if you are Russian, then you need to register on the site www.protonmail.com through the TOR browser hxxps://www.torproject.org/ru/download/ , since the proton is prohibited in your country)
3) Jabber client - servicemanager at jabb dot im (registration can be done on the website - www.xmpp.jp. web client is located on the site - hxxps://web.xabber.com/)
Do not modify files - this will damage them.
Test decryption - 1 file < 500 Kb.
The text file contains the email used in the encrypted file extension.








