What is Ash Ransomware?

Ash ransomware is the name of a newly discovered strain of file-encrypting malware. The new strain belongs to the Dcrtr ransomware family of clones.

The Ash ransomware will encrypt almost every file on the system and append a complex new extension to encrypted files. A file called "image.jpg" will turn into "image.jpg.[ashtray@outlookpro.net].ash".

The files the ransomware will encrypt include media files, documents, archive files and databases as well as executables.
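The renaming pattern described above can be used to scope an infection from a file listing. The following is an added example, not code from the original page: it generalises the page's single sample name to any bracketed address followed by `.ash`, which is an assumption, and the function names and sample paths are constructed for illustration.

```python
import os
import re
from collections import Counter

# Renaming pattern from the page: <original name>.[<contact email>].ash
# Assumption: any bracketed address is accepted, not only the one on the page.
ASH_NAME = re.compile(
    r"^(?P<orig>.+)\.\[(?P<email>[^\[\]@\s]+@[^\[\]@\s]+)\]\.ash$",
    re.IGNORECASE,
)

def parse_ash_name(path):
    """Return (original_name, contact_email) for a renamed file, else None."""
    name = re.split(r"[\\/]", path)[-1]  # handles Windows and POSIX separators
    m = ASH_NAME.match(name)
    return (m.group("orig"), m.group("email").lower()) if m else None

def triage(paths):
    """Summarise a file listing: matching paths, addresses, original types, folders."""
    report = {"hits": [], "emails": Counter(), "orig_ext": Counter(), "dirs": Counter()}
    for path in paths:
        parsed = parse_ash_name(path)
        if parsed is None:
            continue  # includes ordinary files that merely end in .ash
        orig, email = parsed
        name_len = len(re.split(r"[\\/]", path)[-1])
        report["hits"].append(path)
        report["emails"][email] += 1
        report["orig_ext"][os.path.splitext(orig)[1].lower()] += 1
        report["dirs"][path[:-name_len].rstrip("\\/")] += 1
    return report

# Constructed sample listing (not real telemetry).
SAMPLE = [
    r"C:\Users\alice\Pictures\image.jpg.[ashtray@outlookpro.net].ash",
    r"C:\Users\alice\Documents\budget.xlsx.[ashtray@outlookpro.net].ash",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Music\trash.ash",
    "/srv/share/db/backup.sql.[ashtray@outlookpro.net].ash",
    r"C:\Tools\setup.exe.[ASHTRAY@outlookpro.net].ASH",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(len(result["hits"]), "renamed files")
    print("contact addresses:", dict(result["emails"]))
    print("original types:", dict(result["orig_ext"]))
```

The count of original extensions shows which data types were hit, and the per-folder count helps decide which shares or profiles to restore from backup first.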

Once encryption is complete, the ransomware will display a pop-up message and drop a ransom note inside a text file. The more detailed version of the note is inside the pop-up window, which reads as follows:

Warning!

To recover data, write here:

1) servicemanager at yahooweb dot co

2) servicemanager2020 at protonmail dot com (if you are Russian, then you need to register on the site www.protonmail.com through the TOR browser hxxps://www.torproject.org/ru/download/ , since the proton is prohibited in your country)

3) Jabber client - servicemanager at jabb dot im (registration can be done on the website - www.xmpp.jp. web client is located on the site - hxxps://web.xabber.com/)

Do not modify files - this will damage them.

Test decryption - 1 file < 500 Kb.

The text file contains the email used in the encrypted file extension.

October 20, 2022