Datah Ransomware is a Makop Clone


While analyzing new malware samples, we came across a ransomware variant affiliated with the Makop family, known as Datah. This ransomware encrypts files and generates a ransom note named "+README-WARNING+.txt," containing contact details and instructions. Additionally, Datah alters file names.

Datah modifies file names by appending the victim's ID, the datahelper@onionmail.org email address, and the ".datah" extension. For instance, it changes "1.jpg" to "1.jpg.[2AF20FA3].[datahelper@onionmail.org].datah," "2.png" to "2.png.[2AF20FA3].[datahelper@onionmail.org].datah," and so forth.
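The rename scheme above is regular enough to drive incident triage: the following added example (not code from the original article) parses a directory listing, recovers the original file names for restore planning, and counts victim IDs and ransom-note copies. The sample paths are constructed, and treating the victim ID as a run of hex digits is an assumption based on the "2AF20FA3" sample in the text.

```python
import ntpath
import re
from collections import Counter
from typing import NamedTuple, Optional

# Rename scheme described in the article: <original name>.[<victim ID>].[<email>].datah
# Victim ID treated as a run of hex digits (assumption based on the "2AF20FA3" sample).
DATAH_NAME = re.compile(
    r"^(?P<original>.+?)\.\[(?P<victim_id>[0-9A-Fa-f]+)\]"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.datah$"
)
RANSOM_NOTE = "+README-WARNING+.txt"

class DatahHit(NamedTuple):
    path: str        # full path as found in the listing
    original: str    # file name before the ransomware renamed it
    victim_id: str
    email: str

def parse_datah_name(path: str) -> Optional[DatahHit]:
    """Return a DatahHit if the file name follows the Datah rename scheme, else None."""
    m = DATAH_NAME.match(ntpath.basename(path))  # ntpath accepts both \ and / separators
    if m is None:
        return None
    return DatahHit(path, m["original"], m["victim_id"], m["email"])

def triage(paths):
    """Split a listing into encrypted files, ransom-note paths and per-victim-ID counts."""
    hits, notes = [], []
    for p in paths:
        if ntpath.basename(p) == RANSOM_NOTE:
            notes.append(p)
        elif (hit := parse_datah_name(p)) is not None:
            hits.append(hit)
    return hits, notes, Counter(h.victim_id for h in hits)

# Constructed directory listing for demonstration (not from a real incident).
SAMPLE_LISTING = [
    r"C:\Users\alice\Pictures\1.jpg.[2AF20FA3].[datahelper@onionmail.org].datah",
    r"C:\Users\alice\Pictures\2.png.[2AF20FA3].[datahelper@onionmail.org].datah",
    r"C:\Users\alice\Documents\report.final.docx.[2AF20FA3].[datahelper@onionmail.org].datah",
    r"C:\Users\alice\Documents\+README-WARNING+.txt",
    r"C:\Users\alice\Documents\notes.txt",      # untouched file
    r"C:\Users\alice\Downloads\archive.datah",  # extension only, not the full scheme
]

if __name__ == "__main__":
    hits, notes, ids = triage(SAMPLE_LISTING)
    print(f"{len(hits)} encrypted, {len(notes)} note(s), victim IDs: {dict(ids)}")
```

A file ending in ".datah" without the bracketed ID and email fields is deliberately not counted, so the inventory reflects only names produced by the documented scheme.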

The ransom note notifies the victim about the encryption of their files but assures that the file structure remains unchanged. It emphasizes that recovery is solely possible by paying the ransom to the threat actors responsible for the encryption. The cybercriminals offer a demonstration of their decryption capability by allowing the victim to decrypt two small files as a test.

Contact details are provided through an email address (datahelper@onionmail.org) and a TOX ID. The note concludes with a strong warning against attempting to modify the encrypted files independently, cautioning that any alterations could result in data loss and the permanent loss of the decryption private key, leaving the victim with irrecoverable data.

Datah Produces a Lengthy Ransom Note

The full text of the long ransom note generated by Datah reads as follows:

Greetings

Little FAQ:

1.
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.

2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.

3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.

4.
Q: How to contact with you?
A: You can write us to our mailbox: datahelper@onionmail.org
Or you can contact us via TOX: B99CB0C13B44E2A1AEBAEB28E70371D6E3DB35DA801721930B53B0E787433270665DA610BAB0
You can download TOX: hxxps://qtox.github.io/

5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.

6.
Q: If I don t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.

BEWARE
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.

What Are the Best Ways to Protect Your Data from Ransomware Attacks?

Protecting your data from ransomware attacks is crucial to safeguarding your personal and business information. Here are some of the best practices to help mitigate the risk of ransomware:

Regular Backups: Maintain regular backups of your important data on offline or cloud-based storage. This ensures that even if your files are encrypted by ransomware, you can restore them from backup without having to pay the ransom.

Update Software: Keep your operating system, antivirus software, and all applications up to date with the latest security patches and updates. Vulnerabilities in outdated software can be exploited by ransomware attackers.

Educate Employees: Provide comprehensive cybersecurity awareness training to employees to help them recognize phishing emails, malicious links, and other potential ransomware attack vectors. Encourage a culture of skepticism towards unsolicited emails and attachments.

Use Antivirus and Antimalware Software: Install reputable antivirus and antimalware software on all devices and ensure they are regularly updated. These tools can help detect and prevent ransomware infections.

Implement Network Security Measures: Utilize firewalls, intrusion detection systems, and other network security measures to monitor and protect against unauthorized access and malicious activity on your network.

Restrict User Permissions: Limit user permissions to only those necessary for their job roles. This can help prevent ransomware from spreading laterally across your network in the event that one user's system is compromised.

Enable Email Filtering: Implement email filtering solutions to block phishing emails and malicious attachments before they reach users' inboxes. This can significantly reduce the likelihood of ransomware infections via email.

Disable Remote Desktop Protocol (RDP): If not required for business operations, consider disabling RDP or implementing additional security measures such as multi-factor authentication to prevent unauthorized access via RDP.

April 11, 2024