Clown Ransomware is One More Chaos Clone Leveraging Cryptocurrency Mining

Our researchers recently uncovered a new ransomware strain called Clown, which is based on the Chaos ransomware. We tested the Clown ransomware by running a sample on our system and discovered that it encrypts files and adds the ".clown" extension to their filenames. For example, a file named "1.jpg" would become "1.jpg.clown" after encryption. The ransomware then dropped a ransom note named "read_it.txt" on the desktop.

The ransom note informed victims that their files had been encrypted and that the only way to recover them is by purchasing the decryption software from the attackers. The ransom price is 2.14 BTC (Bitcoin cryptocurrency), which was stated to be equivalent to $24,622.70 USD in the message. However, this conversion rate is not accurate, and 2.14 BTC is worth around 50 thousand USD at the time of writing. It is important to remember that cryptocurrency conversion rates are subject to frequent fluctuations.

Based on our extensive research and analysis of numerous ransomware infections, we can infer that it is usually impossible to decrypt files without the intervention of cybercriminals. There are only a few exceptions, such as attacks involving severely flawed ransomware or programs that are still in the development phase. Therefore, it is crucial to take steps to prevent ransomware attacks, such as regular backups, using strong antivirus software, and being cautious with email attachments and downloads.

Clown Ransom Note Asks for Hefty Sum

The complete text of the ransom note used by the Clown ransomware reads as follows:

All of your files have been encrypted

Your computer was infected with a ransomware virus. Your files have been encrypted and you won't be able to decrypt them without our help.

What can I do to get my files back?
You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer. The price for the software is $24,622.70. Payment can be made in Bitcoin only.

How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com
Bitpanda - hxxps://www.bitpanda.com

Payment information
Amount: 2.1473766 BTC
Bitcoin Address: 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV
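
The following added example, which is not part of the original article, shows how a responder could scope the damage using the indicators described above: the appended ".clown" extension and a "read_it.txt" file whose text matches the quoted note. The function names and the constructed sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators from the article: appended extension and ransom-note file name.
ENCRYPTED_SUFFIX = ".clown"
NOTE_NAME = "read_it.txt"
# Phrases from the note quoted above, used to tell the real note apart from
# an unrelated file that happens to be named read_it.txt.
NOTE_MARKERS = ("all of your files have been encrypted",
                "payment can be made in bitcoin only")

def is_ransom_note(path, max_bytes=65536):
    try:
        with open(path, "rb") as fh:
            text = fh.read(max_bytes).decode("utf-8", "replace").lower()
    except OSError:
        return False  # unreadable file: do not count it as a note
    return all(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Return relative paths of encrypted files and confirmed ransom notes."""
    root = Path(root)
    hits = {"encrypted": [], "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            lower = name.lower()
            # The sample appends the suffix: "1.jpg" becomes "1.jpg.clown".
            if lower.endswith(ENCRYPTED_SUFFIX) and lower != ENCRYPTED_SUFFIX:
                hits["encrypted"].append(rel)
            elif lower == NOTE_NAME and is_ransom_note(path):
                hits["notes"].append(rel)
    return {kind: sorted(paths) for kind, paths in hits.items()}

def demo():
    """Run triage over a constructed directory tree (sample data, not real)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "Desktop").mkdir()
        (base / "Docs").mkdir()
        (base / "Docs" / "1.jpg.clown").write_bytes(b"\x00" * 16)
        (base / "Docs" / "report.docx").write_bytes(b"untouched")
        (base / "Docs" / "read_it.txt").write_text("Release notes, read it.")
        (base / "Desktop" / "read_it.txt").write_text(
            "All of your files have been encrypted\n"
            "Payment can be made in Bitcoin only.\n")
        return triage(base)

if __name__ == "__main__":
    print(demo())
```

Run against a mounted copy of the affected volume, the list of encrypted paths gives the set of files to restore from backup.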

Why Is it Not a Good Idea to Pay Ransom to Hackers?

It is not a good idea to pay a ransom to hackers for several reasons. Firstly, paying the ransom does not guarantee that the attackers will provide the decryption key or software needed to recover the encrypted files. In some cases, victims who paid the ransom were still unable to recover their data, even after complying with the attacker's demands. Additionally, paying the ransom only encourages and supports the cybercriminal's illegal activities, making them more likely to continue their malicious actions and potentially target the same victim or others again in the future.

Furthermore, paying the ransom can have legal implications and can make the victim a party to a crime. Ransom payments can violate local and international laws, and some countries prohibit payments to sanctioned entities or individuals. It can also fuel the development and proliferation of more advanced and harmful ransomware, as attackers use the proceeds to fund further research and development.

Finally, paying the ransom only reinforces the notion that ransomware attacks are a profitable way for attackers to make money, which may encourage them to continue their activities and target more victims in the future. It is recommended to take preventive measures, such as regularly backing up important data, using reputable antivirus software, and being cautious with suspicious emails and attachments, to protect against ransomware attacks.

February 21, 2023