Ransomcrow Ransomware Asks for Modest Ransom Payment
Ransomcrow is the name of a newly discovered ransomware variant. It does not seem to belong to any big ransomware clone family.
The Ransomcrow ransomware encrypts files on the system it gets deployed on, leaving them in an unreadable state. Once encrypted, files receive a simple new extension appended past their original one. The encryption process will make a file named "picture.jpg" turn into "picture.jpg.encrypted".
The ransomware will scramble most files found on the target system, including media, document and archive files. Once the encryption process completes, the ransomware drops its ransom demands inside a text file named "readme.txt" and changes the system's wallpaper.
The ransom note is pretty brief and to the point and asks for just 50 Euros worth of cryptocurrency in ransom payment. The full note goes as follows:
All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.
What can I do to get my files back? You can buy the decrypter, it will leave your pc as it was before the encryption.
The price is 50€
You can buy cryptos here
Coinmama - hxxps://www.coinmama.com
Bitpanda - hxxps://www.bitpanda.com
Payment informationAmount: 0.1473766 BTC
Bitcoin Address: [alphanumeric string]
The email used for contact is displayed on the new wallpaper, which reads:
Your PC has been encrypted
Contact: ransomcrow at proton dot me
Instructions in readme.txt