DARKY LOCK Ransomware
DARKY LOCK ransomware is the name of a newly discovered strain of file-encrypting malware. According to researchers, the new variant is a member of the Babuk family of ransomware clones.
DARKY LOCK behaves like most ransomware: it encrypts files on the targeted system, leaving them unreadable. Encrypted files have the ".darky" extension appended, so a file originally called "rainbow.jpg" becomes "rainbow.jpg.darky".
The ransomware affects all widely used file types, including media, document, database and archive file formats.
The ransom note is dropped inside a file named "Restore-My-Files.txt" and the criminals operating the ransomware expect payment of 0.005 BTC.
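As an added example (not from the original page or from any vendor tool), the Python script below sweeps a directory tree for the two filesystem indicators described above, the appended ".darky" extension and the "Restore-My-Files.txt" note, and reports the affected directories and original file names. The function name `triage` and the "note plus renamed files" heuristic are assumptions of this example.

```python
import os
import sys
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".darky"         # appended extension, as stated on this page
NOTE_NAME = "Restore-My-Files.txt"  # ransom note file name, as stated on this page


def triage(root):
    """Walk `root` and summarise files matching the two indicators above."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            # Require a non-empty original name before the appended suffix.
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted.append((path, name[: -len(ENCRYPTED_SUFFIX)]))
                per_dir[dirpath] += 1
            elif lower == NOTE_NAME.lower():
                notes.append(path)
    note_dirs = {os.path.dirname(p) for p in notes}
    # Assumption of this example: a note next to renamed files is a stronger
    # signal than either indicator alone, so those directories are reported separately.
    both = sorted(d for d in per_dir if d in note_dirs)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "per_dir": dict(per_dir), "dirs_with_both": both}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]
    else:
        # Constructed sample tree so the script also runs with no arguments.
        root = tempfile.mkdtemp(prefix="darky-demo-")
        for name in ("rainbow.jpg.darky", "report.docx.darky", NOTE_NAME, "untouched.txt"):
            open(os.path.join(root, name), "w").close()
    result = triage(root)
    print(f"{len(result['encrypted'])} renamed file(s), {len(result['notes'])} note(s) under {root}")
    for d in result["dirs_with_both"]:
        print(f"  note + renamed files: {d} ({result['per_dir'][d]} file(s))")
    for path, original in result["encrypted"][:20]:
        print(f"  {path}  (original name: {original})")
```

When given a path argument, the script only lists file names and never opens or modifies file contents, so it can be pointed at a read-only mount of an affected volume.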
The full contents of the ransom note are as follows:
---------- Hello -----------
***WELCOME TO DARKY LOCK ***
Your computers and servers are encrypted, and backups are deleted.
We use strong encryption algorithms, so no one has yet been able to decrypt their files without our participation.
The only way to decrypt your files is to purchase a universal decoder from us, which will restore all the encrypted data and your network.
Follow our instructions below, and you will recover all your data:
Pay 0.005 bitcoin to [alphanumeric string]
Send us message with transaction id to darkylock at tutanota dot com
Launch decrypt_bit.exe, which our support will send you through email
We value our reputation. If we will not do our work and liabilities, nobody will pay us. This is not in our interests.
All our decryption software is tested by time and will decrypt all your data.
!!! DO NOT TRY TO RECOVER ANY FILES YOURSELF. WE WILL NOT BE ABLE TO RESTORE THEM!!!