SEX3 Ransomware is New SATANA Offshoot That Encrypts Files


Whoever made the SATANA ransomware is obviously very fond of using capital letters, as the latest ransomware variant belonging to the SATANA family is called SEX3.

The new strain does everything you would expect from a ransomware clone. It will encrypt most files on a system, then deposit its ransom demands inside a plain text file and change the desktop wallpaper.

Files that get encrypted by the SEX3 ransomware receive a new extension appended after their old one. The encryption process will turn a file called "document.txt" into "document.txt.SEX3". Affected file types include media files, documents, archives and databases.

The ransom note itself is brief and to the point. It is delivered inside a plain text file called "!satana!.txt" and its full text is as follows:

The harddisks of your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page
E-mail: geraashurakovv at mail dot ru - this is our mail
CODE: 14B4030A8A7F8B8D7B1101720567C27E this is code; you must send
BTC: 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV here need to pay 0,5 bitcoins
continue the normal download on your computer. Good luck! May God help you!
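
For triage, the two file-system indicators described above (the appended ".SEX3" extension and the "!satana!.txt" note) can be used to measure how far the encryption got on a volume or share. The following is an added example, not code from the original article; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article: appended extension and ransom note name.
ENCRYPTED_SUFFIX = ".sex3"
RANSOM_NOTE_NAME = "!satana!.txt"


def scan_tree(root):
    """Walk root and report SEX3-renamed files and ransom notes.

    Matching is case-insensitive because Windows file systems are.
    """
    encrypted, notes = [], []
    original_types = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower == RANSOM_NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(lower) > len(ENCRYPTED_SUFFIX):
                encrypted.append(path)
                # "document.txt.SEX3" -> original name "document.txt" -> ".txt"
                original = name[: -len(ENCRYPTED_SUFFIX)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                original_types[ext] += 1
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "original_types": dict(original_types)}


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    names = ["docs/document.txt.SEX3", "docs/report.docx.sex3",
             "docs/untouched.txt", "db/customers.sqlite.SEX3",
             "docs/!satana!.txt", "notes-about-SEX3.txt"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        print(len(result["encrypted"]), "renamed files,", len(result["notes"]), "ransom notes")
        print(result["original_types"])
```

The per-type counts show which kinds of data were hit, which helps decide what to restore from backup first.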

November 22, 2022