DONKEYHOT Ransomware Relies on ICQ

DONKEYHOT is a new ransomware variant. The strain does not appear to belong to any of the large families of ransomware clones.

It seems the threat actor behind the DONKEYHOT ransomware may be Russian, as the name DONKEYHOT is phonetically the same as the Russian pronunciation of "Don Quixote".

The ransomware encrypts files and appends the victim ID, the operator's ICQ handle and the string ".DONKEYHOT" to the name of each encrypted file. A file called "image.jpg" becomes "image.jpg.[ID string].[ICQ_DONKEYHOT].DONKEYHOT" once it has been encrypted.

The ransom note, stored in a file named "#HOW_TO_DECRYPT#.txt", states no specific ransom demand. The full text of the ransom note is as follows:

Hello my dear friend!

Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted

If you want to restore them, write to our mail: donkeyhot at onionmail dot org

Best option is to write us via ICQ live chat which works 24/7: @DONKEYHOT

Install ICQ software on your PC hxxps://icq.com/windows/ or on your smartphone search for "ICQ" in Appstore / Google market

Write to our ICQ @DONKEYHOT hxxps://icq.im/DONKEYHOT

Attention!

* Do not rename encrypted files.

* Do not try to decrypt your data using third party software, it may cause permanent data loss.

* We are always ready to cooperate and find the best way to solve your problem.

* The faster you write, the more favorable the conditions will be for you.

* Our company values its reputation. We give all guarantees of your files decryption, such as test decryption some of them.

We respect your time and waiting for respond from your side.

Tell your MachineID: - and LaunchID: -

SENSITIVE DATA ON YOUR SYSTEM WAS DOWNLOADED.

IF YOU DON'T WANT YOUR SENSITIVE DATA TO BE PUBLISHED YOU HAVE TO ACT QUICKLY.

Data includes:

- Employees personal data, CVs, DL, SSN.

- Complete network map including credentials for local and remote services.

- Private financial information including: clients data, bills, budgets, annual reports, bank statements.

- Manufacturing documents including: datagrams, schemas, drawings in solidworks format

- And more...
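The file-naming scheme and ransom note file name described above are enough to scope an incident on disk. The following triage sketch is an added example, not code from the original article: it walks a directory tree, recovers each original file name and victim ID from the appended suffix, and records which directories hold a ransom note. It assumes the square brackets in the example name are literal; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Assumption: the square brackets shown in the article's example name are literal.
ENCRYPTED_RE = re.compile(
    r"^(?P<original>.+)\.\[(?P<victim_id>[^\]]+)\]\.\[ICQ_DONKEYHOT\]\.DONKEYHOT$",
    re.IGNORECASE,
)
NOTE_NAME = "#HOW_TO_DECRYPT#.txt"


def parse_encrypted_name(filename):
    """Return (original_name, victim_id) for a renamed file, else None."""
    m = ENCRYPTED_RE.match(filename)
    return (m.group("original"), m.group("victim_id")) if m else None


def triage(root):
    """Walk root; return ({dir: {"encrypted": [...], "note": bool}}, victim_ids)."""
    dirs = defaultdict(lambda: {"encrypted": [], "note": False})
    victim_ids = set()
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME.lower():
                dirs[dirpath]["note"] = True
                continue
            parsed = parse_encrypted_name(name)
            if parsed:
                dirs[dirpath]["encrypted"].append(parsed[0])
                victim_ids.add(parsed[1])
    return dict(dirs), victim_ids


def demo():
    """Triage a constructed tree (empty files, made-up victim ID)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.mkdir(docs)
        for name in ("image.jpg.[CONSTRUCTED-ID-01].[ICQ_DONKEYHOT].DONKEYHOT",
                     "budget.xlsx.[CONSTRUCTED-ID-01].[ICQ_DONKEYHOT].DONKEYHOT",
                     "untouched.txt", NOTE_NAME):
            open(os.path.join(docs, name), "w").close()
        dirs, ids = triage(root)
        return {os.path.relpath(d, root): v for d, v in dirs.items()}, ids


if __name__ == "__main__":
    print(demo())
```

More than one victim ID in the same tree suggests separate encryption runs or several affected hosts writing to a shared location, which is worth checking before restoring from backup.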

August 26, 2022