Carver Ransomware is a Phobos Clone Designed to Encrypt Files and Demand Ransoms

ransomware

Carver ransomware is a malicious program that belongs to the Phobos ransomware family, designed to encrypt data and demand ransoms for decryption. After running a sample of Carver on a test machine, it encrypted files by modifying their filenames with a unique ID, the cyber criminals' email address, and a ".Carver" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3455].[ineedatool@rape.lol].Carver".

Once the encryption process was completed, Carver ransomware created two ransom notes, "info.hta" (pop-up window) and "info.txt". The text file informs victims that their data has been encrypted and directs them to contact the attackers. The pop-up window message clarifies that the decryption process requires a Bitcoin cryptocurrency ransom payment. The ransom amount is not specified in the note, but it is said to depend on how quickly victims contact the cyber criminals responsible for the attack. Prior to paying the ransom, victims can test decryption (within certain specifications) free of charge.

The message concludes with a warning against renaming the encrypted files and using third-party decryption tools, as that may render the data undecryptable.

The Carver Ransom Note Copies Usual Phobos Pattern

The full ransom note produced by the Carver ransomware uses the usual Phobos template and reads as follows:

All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail ineedatool@rape.lol
Write this ID in the title of your message -
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.

Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/

Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

How Can Ransomware Like Carver Get on Your System?

Ransomware like Carver can infect your system through various methods. Some common ways include:

Phishing emails: Cybercriminals may send phishing emails with malicious attachments or links. Once you download and open the attachment or click on the link, the ransomware may get downloaded onto your system.

Malicious websites: Visiting untrusted or malicious websites can also result in downloading ransomware onto your system. Malware can get installed through software vulnerabilities or by tricking you into downloading and installing a fake software update.

Vulnerable software: Ransomware can exploit vulnerabilities in software that hasn't been updated or patched. Attackers can gain access to your system through outdated software such as operating systems, browsers, and plugins.

Unsecured RDP: Remote Desktop Protocol (RDP) is a common target for attackers. If you have RDP enabled on your system and it's not secured with strong passwords or two-factor authentication, attackers can easily gain access to your system.

To prevent ransomware attacks, it's essential to keep your system and software up-to-date, use strong and unique passwords, and be cautious while opening email attachments or clicking on links. It's also advisable to use reputable antivirus software and backup your data regularly.

By Zaib
March 8, 2023
Ransomware
English
March 8, 2023
Ransomware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Ransomware

Agenda Ransomware Will Encrypt Your Files

A new strain of file-encrypting malware was spotted in the wild by independent security researcher Petrovic. The new strain is called the Agenda ransomware and it does not seem to belong to any particular big family... Read more

July 15, 2022
Ransomware

Snick Ransomware Encrypts Several Files

Snick Ransomware is a dangerous malware threat that comes from the Makop family of malware threats. The actions of Snick Ransomware start with seeking out certain files, encrypting them, and then appending the .snick... Read more

March 3, 2022
Ransomware

OnlyFans Ransomware Pretends to Encrypt Files

The OnlyFans Ransomware is a piece of malware that pretends to be a fully-fledged file-encryption Trojan that possesses the ability to encrypt the files of its victims. However, the criminals also pretend to be part... Read more

April 15, 2022
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.