Sakura Ransomware Aggressively Demands Payment in Bitcoin

A new ransomware variant belonging to the Chaos ransomware family was recently discovered by security researchers. The new strain is called the Sakura ransomware.

Sakura works like other Chaos ransomware clones and like most ransomware in general - it encrypts files on the target system and leaves them largely useless. Affected file types include media, document and archive extensions, as well as database files.

Once files are encrypted, the ransomware adds the ".Sakura" extension to the previous name. This will make a file formerly called "document.doc" transform into "document.doc.Sakura" upon successful encryption.

The ransomware changes the wallpaper image to a disturbing clownlike face and deposits its ransom demands inside a text file named "read_it.txt".

The full ransom note goes as follows:

Don't worry, you can return all your files!

All your files like documents, photos, databases and other important are encrypted

What guarantees do we give to you?

You can send 3 of your encrypted files and we decrypt it for free.

You must follow these steps To decrypt your files :   

Write on our e-mail :test at test dot com ( In case of no answer in 24 hours check your spam folder

or write us to this e-mail: test2 at test dot com)

Obtain Bitcoin (You have to pay for decryption in Bitcoins.

After payment we will send you the tool that will decrypt all your files.)

July 28, 2022