Bluesky Ransomware
A new ransomware variant was recently discovered by security researchers. The new strain is called the Bluesky ransomware and it belongs to no specific larger family.
Bluesky works like all ransomware: it encrypts the majority of files found on the victim's system, leaving them unusable. The ransomware targets files with all popular extensions, including media, document, database and archive file types.
Once encrypted, files receive the ".bluesky" extension appended after their original one. This means that a file called "document.txt" becomes "document.txt.bluesky" upon encryption.
The ransom demands are contained in two separate files - one in plain text and one in HTML format. The two files are named "# DECRYPT FILES BLUESKY #.txt" and "# DECRYPT FILES BLUESKY #.html" respectively.
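For responders scoping an incident, the two indicators described above (the appended ".bluesky" extension and the two ransom note file names) are enough to inventory affected files on a disk or share. The following triage script is an added example, not code from the researchers or the original article; the function names and the sample file tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article text (compared case-insensitively).
ENCRYPTED_SUFFIX = ".bluesky"
RANSOM_NOTES = {"# decrypt files bluesky #.txt", "# decrypt files bluesky #.html"}

def original_name(name):
    """Return the pre-encryption file name, or None if the name is not marked."""
    if name.lower().endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
        return name[: -len(ENCRYPTED_SUFFIX)]
    return None

def triage(root):
    """Walk root (symlinks not followed) and summarise Bluesky artefacts."""
    report = {"encrypted": [], "notes": [], "by_type": Counter(), "untouched": 0}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() in RANSOM_NOTES:
                report["notes"].append(path)
                continue
            orig = original_name(name)
            if orig is None:
                report["untouched"] += 1
                continue
            report["encrypted"].append(path)
            # The original extension shows which data types were hit.
            report["by_type"][Path(orig).suffix.lower() or "(none)"] += 1
    return report

def build_sample_tree(root):
    """Constructed sample data: a small share with encrypted and clean files."""
    names = ["document.txt.bluesky", "photo.JPG.bluesky", "db/sales.sql.bluesky",
             "db/# DECRYPT FILES BLUESKY #.txt", "# DECRYPT FILES BLUESKY #.html",
             "notes.txt", "bluesky_report.docx"]
    for rel in names:
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        r = triage(tmp)
        print(len(r["encrypted"]), "encrypted;", len(r["notes"]), "notes;", dict(r["by_type"]))
```

Files that only contain "bluesky" elsewhere in the name, such as "bluesky_report.docx" in the sample, are counted as untouched because the match is on the appended extension only.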
The full text of the ransom note goes as follows:
BlueSky DECRYPTOR
Support
Your documents, photos, databases and other important files have been encrypted!
To decrypt your files you need to buy our special software BlueSky DECRYPTOR.
The payment should be made with Bitcoins.
For 6 days, 23 hours, 59 minutes and 56 seconds BlueSky Decryptor will be available for the price of 0.1 BTC ≈ 2,075$.
In 6 days, 23 hours, 59 minutes and 56 seconds the price will increase to 0.2 BTC ≈ 4,150$.
In 13 days, 23 hours, 59 minutes and 56 seconds your private key will be permanently destroyed.
Trial decrypt
Upload 1 .bluesky file for free decryption (maximum size 256kb)
How to buy BlueSky DECRYPTOR?
Register a Bitcoin wallet.
Our recommendations:
hxxps://blockchain.com/wallet
hxxps://coinbase.com/
Purchase Bitcoins.
Our recommendations:
hxxps://bitcoin.org/buy
hxxps://buybitcoinworldwide.com/
hxxps://localbitcoins.com/
hxxps://paxful.com/
Send 0.1 Bitcoins to the following address: [wallet string]
Send 0.1 BTC to the address above
Decrypter will be available after 3 confirmations.