Phreaker Ransomware is a Chaos Clone
Phreaker is the name of a new ransomware variant. The new strain is based on old Chaos ransomware code.
Once deployed on a victim system, Phreaker will encrypt the majority of files found on it. Encrypted file types will include media files, documents, executables and archives, as well as database files.
Once encrypted, files receive a new extension appended past their old one. The new extension is a string of four randomly generated alphanumeric characters. This means that a file called "image.png" might turn into something like "image.png.yve9" upon encryption.
The ransom note is dropped inside a file called "read_it.txt" and judging by its contents, right now Phreaker is more of a wiper tool than a proper ransomware variant. The ransom note does not contain any contact email and the @protonmail email placeholder has no username in front of it. The full note is as follows:
Phreaker malware has infected your machine.
Lucky for you this is based out of America and we pride ourseleves on helping you get your files back.
Send a small bitcoin payment off 100$ to
[alphanumeric string]
Email @protonmail of your payment and public key to recieve your private key and decryptor.