Script Ransomware is a New Chaos Ransomware Variant Designed to Encrypt Your Files
Our malware researchers recently discovered Script, a ransomware used by cybercriminals to hold a victim's data hostage. Script belongs to the Chaos ransomware family and encrypts files, adds the ".Script" extension to file names, alters the desktop wallpaper, and leaves a ransom note in the form of the "read_it.txt" file.
An example of the renaming process: Script changes the file name "1.jpg" to "1.jpg.Script" and "2.doc" to "2.doc.Script". The team found Script while analyzing submissions to online threat databases.
The ransom note instructs victims to contact the attacker on Telegram using the handle @r.sgfs to retrieve their encrypted files. The fact that the attacker chose to use Telegram suggests they may be inexperienced. However, it's important to note that Instagram, a common communication channel, may cooperate with law enforcement and release information if requested.
Table of Contents
Script ransomware’s ransom note
The "read_it.txt" file generated by the Script ransomware contains the following text:
Chaos Virus !
contact me on instagram : @r.sgfs , to decrypt your files
What is the best way to protect your files against ransomware attack?
Protecting your files from a ransomware attack requires implementing a multi-layered approach to security. Firstly, regularly backing up your data is a must. This way, in the event of an attack, you have access to a copy of your data that has not been encrypted. It is important to store your backups in a location that is separate from your network, such as an external hard drive or a cloud-based service.
Secondly, keeping your software up-to-date is crucial. Software updates often include security patches, which help to fix vulnerabilities that can be exploited by attackers. Make sure to keep your operating system, browser, and all other software installed on your computer updated to the latest version.
Thirdly, it is important to be vigilant when it comes to email attachments and links. Cybercriminals often use phishing emails to trick people into downloading malware. Do not open attachments or click on links from unknown or suspicious sources.
Fourthly, using anti-virus software is a must. Anti-virus software scans files, emails and other data for malicious content, and helps to prevent malware from infecting your system. Choose a reputable anti-virus software and keep it updated.
Finally, practicing good cybersecurity hygiene is essential. This includes using strong passwords, being careful about the personal information you share online, and being aware of your online activities.
By following these steps, you can help protect your files from a ransomware attack and keep your data safe.
Why is it not a good idea to pay ransom to hackers?
Paying the ransom to hackers is not a recommended solution for several reasons. Firstly, there is no guarantee that the attacker will actually provide the decryption key, even if the ransom is paid. In many cases, victims have reported that they paid the ransom but never received the decryption key. Secondly, by paying the ransom, you are essentially financing the criminal's operation and encouraging them to continue with their illegal activities.
This perpetuates the cycle of ransomware attacks, making it more profitable for the attackers and increasing the likelihood that others will fall victim. Additionally, paying the ransom may not be a feasible option for all victims, as some attackers demand high amounts of money, making it unaffordable for many people. Finally, paying the ransom can also be viewed as supporting and legitimizing illegal activities, which may have legal consequences. The best way to protect against ransomware attacks is to have strong cybersecurity measures in place, such as regularly backing up data, keeping software up-to-date, and being cautious when opening email attachments or clicking on links from unknown sources.
