Mad Cat Ransomware Demands 0.02 BTC

Our researchers came across a ransomware program named Mad Cat while conducting a routine examination of new file submissions. This type of malware functions by encrypting files and then demanding payment for their decryption.

On our test system, Mad Cat encrypted files and modified their file names. The original names were extended with a four-character extension composed of random characters. For example, a file named "1.jpg" would transform into "1.jpg.6psf," and "2.png" would become "2.png.jwni," and so forth. Once this process was completed, the desktop wallpaper was changed, and a ransom note titled "HACKED.txt" was generated.

The wallpaper message conveyed that the victim's data had been encrypted and urged them to get in touch with the attackers for data recovery. It also indicated that the necessary information could be found in the accompanying text file. The ransom note within the file instructed the victim to make a ransom payment for decryption and transmit the transaction ID to the cybercriminals.

Initially, the demanded amount was specified as 0.02 BTC (Bitcoin cryptocurrency), but it was later revised to 0.05 BTC. At the time of writing, these amounts are roughly equivalent to 600 and 1700 USD, although it's important to note that exchange rates are subject to continuous fluctuations.
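As an added example (not code from the original article or from any sample of the malware), the following triage script checks a file listing from a suspect Windows host for the two indicators described above: file names extended with a four-character random tag and the presence of "HACKED.txt". It assumes the tag is four lowercase alphanumerics, and the sample paths and the benign double-extension allow-list are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Mad Cat appends "." plus four random characters to the original name ("1.jpg" -> "1.jpg.6psf").
# The page's samples show lowercase letters; accepting lowercase alphanumerics is an assumption here.
MADCAT_NAME = re.compile(r"^(?P<orig>.+\.[A-Za-z0-9]{1,5})\.(?P<tag>[a-z0-9]{4})$")
RANSOM_NOTE = "HACKED.txt"

# Legitimate four-character second extensions that would otherwise match (hypothetical allow-list).
BENIGN_SECOND_EXT = {"lock", "orig", "html", "json", "yaml", "conf", "part", "temp"}


def split_madcat_name(filename):
    """Return (original_name, tag) if the name fits the Mad Cat renaming pattern, else None."""
    m = MADCAT_NAME.match(filename)
    if not m or m.group("tag") in BENIGN_SECOND_EXT:
        return None
    return m.group("orig"), m.group("tag")


def triage(paths):
    """Scan a list of file paths from a suspect Windows host and summarise Mad Cat indicators."""
    renamed, notes, tags = [], [], Counter()
    for p in paths:
        name = PureWindowsPath(p).name
        if name == RANSOM_NOTE:
            notes.append(p)
            continue
        hit = split_madcat_name(name)
        if hit:
            renamed.append((p, hit[0]))  # keep the pre-encryption name for restore planning
            tags[hit[1]] += 1
    return {
        "ransom_notes": notes,
        "renamed_files": renamed,
        # Mad Cat uses a fresh random tag per file; one tag shared by many files suggests another cause.
        "distinct_tags": len(tags),
        "suspected": bool(notes) or (len(renamed) >= 3 and len(tags) > 1),
    }


# Constructed sample listing for demonstration, not data from a real incident.
SAMPLE_PATHS = [
    r"C:\Users\alice\Pictures\1.jpg.6psf",
    r"C:\Users\alice\Pictures\2.png.jwni",
    r"C:\Users\alice\Documents\report.docx.k2qa",
    r"C:\Users\alice\Documents\HACKED.txt",
    r"C:\Users\alice\Downloads\archive.tar.gz",
    r"C:\Users\alice\Documents\index.md.html",
]
```

Running `triage(SAMPLE_PATHS)` on a real listing (for example the output of a recursive directory walk) gives the note locations, the recovered original names for matching against backups, and a verdict.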

Mad Cat Ransom Note Demands Bitcoin Payment

The full text of the Mad Cat ransom note reads as follows:

Mad Cat Ransomware

All your files encrypted, and you can't recover it.

HOW TO RECOVER?

1- Pay [ 0.02 BTC ] to: alphanumeric string

2- Send us Transaction ID Here => Telegram [@WhiteVendor]

Payment information
Amount: 0.05 BTC
Bitcoin Address: alphanumeric string

How Can Ransomware Get Inside Your System?

Ransomware can infiltrate your system through various means, and it's crucial to be aware of these entry points to protect your system effectively. Here are common ways ransomware can get inside your system:

Phishing Emails:
Ransomware often enters systems through malicious email attachments or links. Cybercriminals send deceptive emails that appear legitimate, tricking users into opening infected attachments or clicking on links that download the malware.

Malicious Email Attachments:
Email attachments like Word documents, PDFs, or ZIP files can contain ransomware. When opened, these files execute the malware on your system.

Drive-By Downloads:
Visiting compromised or malicious websites can trigger drive-by downloads. These sites exploit vulnerabilities in your web browser or plugins to automatically download ransomware without your consent.

Exploiting Unpatched Software:
Ransomware can exploit vulnerabilities in outdated or unpatched software to gain access. Regularly update your operating system and applications to protect against these exploits.

Remote Desktop Protocol (RDP) Attacks:
If your RDP is not properly secured, attackers can use brute force attacks to guess your login credentials and gain access to your system. Once inside, they can install ransomware.

Malvertising:
Malicious advertisements (malvertisements) on legitimate websites can redirect users to websites that deliver ransomware. Avoid clicking on suspicious ads.

October 26, 2023