You Don't Want An Attack From FIASKO Ransomware
A new ransomware strain belonging to the Phobos ransomware family was recently spotted in the wild. The new version is called the FIASKO ransomware.
FIASKO encrypts the majority of files on the target system, leaving only Windows files intact so that the system can keep working. Document, media, archive and database files, however, are encrypted and rendered useless.
Once FIASKO encrypts a file, it appends a new multi-part extension containing the victim's ID code, the email address used by FIASKO's operator and the string ".FIASKO". A file called "document.txt" thus becomes "document.txt.id[alphanumeric string].[decrypt2022@msgsafe.io].FIASKO".
The ransom note is dropped inside two separate files, identical in their contents, called "info.hta" and "info.txt". The full text of the ransom demand is as follows:
Hello!
Can i Recover My Files? Sure. We guarantee that you can recover all of your files safely and easily! But You have to be fast!. How fast you will pay as fast all of your data will be back like before encryption.
To contact us:
Download the (Session) messenger (hxxtps://getsession.org) in messenger :"[alphanumeric string]" You have to add this Id - and we will complete our converstion.
In case of no answer in 24 hours write us to this e-mail:decrypt2022 at msgsafe dot io
You have to pay for decryption in Bitcoin ONLY!
ATTENTION !!!
Do not rename encrypted files, do not try to decrypt your data using third party software, it may permanent data loss.
We have been in your network for a long time. We know everything about your company most of your information has already been downloaded to our server. We recommend you to do not waste your time if you dont wont we start 2nd part.
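For responders, the renaming pattern and ransom note file names described above can be turned into a triage check over a file listing. The following is an added example, not code from the original article: the sample paths and the victim ID "1A2B3C4D-0001" are constructed, and matching the ID as letters, digits and hyphens is an assumption.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# <original name>.id[<victim ID>].[<contact email>].FIASKO, as described in the article.
# Assumption: the ID consists of letters, digits and hyphens.
FIASKO_NAME = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[A-Za-z0-9-]+)\]"
    r"\.\[(?P<contact>[^\[\]@\s]+@[^\[\]@\s]+)\]\.FIASKO$",
    re.IGNORECASE,
)
# Generic names: a weak signal alone, meaningful next to encrypted files.
NOTE_NAMES = {"info.hta", "info.txt"}

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\document.txt.id[1A2B3C4D-0001].[decrypt2022@msgsafe.io].FIASKO",
    r"C:\Users\alice\Documents\budget.xlsx.id[1A2B3C4D-0001].[decrypt2022@msgsafe.io].FIASKO",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Desktop\info.txt",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Users\alice\Documents\FIASKO-notes.docx",
]

def classify(path):
    """Return ('encrypted', fields), ('note', None) or ('clean', None)."""
    name = PureWindowsPath(path).name
    m = FIASKO_NAME.match(name)
    if m:
        return "encrypted", m.groupdict()
    if name.lower() in NOTE_NAMES:
        return "note", None
    return "clean", None

def triage(paths):
    """Group encrypted files by victim ID and collect note paths and contacts."""
    report = {"by_victim": defaultdict(list), "notes": [], "contacts": set()}
    for p in paths:
        kind, fields = classify(p)
        if kind == "encrypted":
            # Record the pre-encryption path so it can be matched against backups.
            original = PureWindowsPath(p).parent / fields["original"]
            report["by_victim"][fields["victim_id"]].append(str(original))
            report["contacts"].add(fields["contact"].lower())
        elif kind == "note":
            report["notes"].append(p)
    return report
```

Running triage() over a directory listing exported from an affected host gives the original names of the encrypted files per victim ID, which can then be checked against backups.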








