DarkRace Ransomware Locks Victim's Files

Security researcher S!Ri recently uncovered DarkRace, a type of ransomware that operates by encrypting files. As part of its malicious actions, the malware adds its own extension (".1352FF327") to the original filenames, resulting in modified file names such as "1.jpg.1352FF327" or "2.png.1352FF327". Furthermore, DarkRace creates a text file named "Readme.1352FF327.txt" that serves as a ransom note.

The contents of the ransom note inform the victims that their data has been both stolen and encrypted. The note includes a threatening message, stating that if the ransom is not paid, the attacker will publicly publish the stolen data on a TOR website. To provide a potential solution, the note offers links to access the TOR browser and assures the victims that upon payment of the ransom, they will receive decryption programs that will restore their data, followed by the deletion of the encrypted files.

Instructions for victims are provided, directing them to contact the attackers through various channels, including TOR sites, qTox chat, or via email at darkrace@onionmail.org. The ransom note also warns victims not to delete or modify any files, claiming that doing so can lead to recovery problems, and threatens repeated attacks if the ransom is not paid.
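The file-system indicators described above (the appended ".1352FF327" extension, the "Readme.1352FF327.txt" note and the contact address inside it) can be checked during incident triage. The Python script below is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators quoted in the article; everything else here is illustrative.
SUFFIX = ".1352ff327"                 # appended extension, compared lower-case
NOTE_NAME = "readme.1352ff327.txt"    # ransom note file name, lower-case
NOTE_MARKERS = ("darkrace ransomware", "darkrace@onionmail.org")


def triage(root):
    """Walk root and summarise DarkRace file-system indicators."""
    hits = {"encrypted": [], "notes": [], "lookalike_notes": [],
            "original_types": Counter(), "earliest_mtime": None}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == NOTE_NAME:
                # Confirm the note by content, not only by its file name.
                text = path.read_text(errors="replace").lower()
                confirmed = any(m in text for m in NOTE_MARKERS)
                hits["notes" if confirmed else "lookalike_notes"].append(path)
            elif lower.endswith(SUFFIX) and len(lower) > len(SUFFIX):
                original = name[:-len(SUFFIX)]          # e.g. "1.jpg"
                hits["encrypted"].append(path)
                hits["original_types"][Path(original).suffix.lower()] += 1
                # Earliest modification time approximates when encryption began.
                mtime = path.stat().st_mtime
                if hits["earliest_mtime"] is None or mtime < hits["earliest_mtime"]:
                    hits["earliest_mtime"] = mtime
    return hits


def build_sample_tree(root):
    """Constructed sample data: two renamed files, one note, one clean file."""
    docs = Path(root) / "docs"
    docs.mkdir(parents=True)
    (docs / "1.jpg.1352FF327").write_bytes(b"\x00" * 16)
    (docs / "2.png.1352FF327").write_bytes(b"\x00" * 16)
    (docs / "notes.txt").write_text("untouched file")
    (docs / "Readme.1352FF327.txt").write_text(
        "DarkRace ransomware\nYour data are stolen and encrypted\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        print(len(result["encrypted"]), "renamed files,", len(result["notes"]), "note(s)")
        print(dict(result["original_types"]))
```

Run against a mounted image or a read-only copy of the affected volume so the scan itself does not alter timestamps on evidence.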

DarkRace Ransom Note Expects Victims to Download Tor Browser

The full text of the ransom note produced by the DarkRace ransomware reads as follows:

DarkRace ransomware

Your data are stolen and encrypted
The data will be published on TOR website if you do not pay the ransom
Links for Tor Browser:
hxxp://wkrlpub5k52rjigwxfm6m7ogid55kamgc5azxlq7zjgaopv33tgx2sqd.onion

What guarantees that we will not deceive you?
We are not a politically motivated group and we do not need anything other than your money.
If you pay, we will provide you the programs for decryption and we will delete your data.
If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future.
Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment.

You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID
Download and install TOR Browser hxxps://www.torproject.org/
Write to a chat and wait for the answer, we will always answer you.
You can install qtox to contanct us online hxxps://tox.chat/download.html
Tox ID Contact: **

Mail (OnionMail) Support: darkrace@onionmail.org

Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!

Warning! If you do not pay the ransom we will attack your company repeatedly again!

Why Should You Not Pay Ransom to Hackers and Have Reliable Backups?

There are several reasons why it is not advisable to pay ransom to hackers and instead focus on having reliable backups. Here are a few key points:

No guarantee of decryption: Paying the ransom does not guarantee that hackers will decrypt your files. They may choose to ignore your payment or provide faulty decryption tools, leaving you with both encrypted files and financial loss.

Encourages more attacks: Paying ransoms incentivizes hackers to continue their malicious activities. By giving in to their demands, you contribute to the profitability of ransomware attacks and encourage further targeting of individuals and organizations.

Funding criminal activities: Ransom payments often go towards supporting criminal enterprises, including activities such as drug trafficking, human trafficking, and terrorism. By paying ransom, you indirectly contribute to these illegal operations.

Focus on prevention and resilience: Instead of relying on paying ransom, it is better to invest in preventive measures and establish resilient systems. Implementing robust cybersecurity practices, regularly updating software, and educating employees about security risks can significantly reduce the likelihood of successful ransomware attacks.

Reliable backups for data recovery: Maintaining reliable backups of your critical data is crucial. Regularly backing up your files to offline or cloud storage ensures that even if your systems are compromised, you can restore your data without paying a ransom. Backups should be regularly tested to ensure they are functioning correctly.

Cybersecurity investments: Rather than allocating resources to paying ransoms, it is more beneficial to invest in cybersecurity measures. This includes implementing firewalls, intrusion detection systems, anti-malware software, and conducting regular security assessments to identify vulnerabilities and mitigate risks.

Overall, by refusing to pay ransoms and focusing on prevention, resilience, and reliable backups, individuals and organizations can take a proactive approach to combatting ransomware attacks and reduce the overall impact of such threats.

June 2, 2023