What is Watch Ransomware?
By investigating the behavior and the code of the Watch Ransomware, malware researchers have concluded that it is a variant from the Dharma Ransomware family. Therefore, the Watch Ransomware works just like any other Dharma threat. It invades the targeted computers, executes an encryption process, and compromises the data stored there. Then, the people behind the Watch Ransomware will try to extort the victims by promising to provide them with the required decryption software in exchange for the ransom payment.
When a file is locked by the Watch Ransomware, its name will be changed completely. This is an easy way for the victims to recognize which files are encrypted. The files will have the victim's ID, the email address watch@msgden.net and the file extension '.Watch' added to their names. The attackers also provide two email addresses, which should be used by the victims to contact them: 'watch@msgden.net' and 'watch@mykolab.ch'. The victims then receive the ransom note, which is delivered in two separate ways: one involves creating a text file named 'info.txt', while the other displays a message in a pop-up window.
However, the Watch Ransomware's notes do not provide the victims with the details they need to know. The text file contains a few sentences telling the victims to use either the 'watch@msgden.net' or the 'watch@mykolab.ch' email address to contact the attackers. The note delivered in the pop-up window is a bit longer, but still not useful.
The text file's message is:
'all your data has been locked us
You want to return?
write email watch@msgden.net or watch@mykolab.c'
The content of the pop-up window reads:
'YOUR FILES ARE ENCRYPTED
watch@msgden.net
Don't worry, you can return all your files!
If you want to restore them, write to the mail: watch@msgden.net YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:watch@mykolab.ch
ATTENTION!
We recommend you contact us directly to avoid overpaying agents
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
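
The renaming markers and the 'info.txt' note described above can be used to scope an incident from a file listing. The following is an added example, not part of the original article: the function names and the sample paths are constructed, and the layout of the ID and address inside the sample names is an assumption the matching does not rely on.

```python
import ntpath  # parses Windows-style paths on any platform
from collections import Counter

# Indicators taken from the description above.
EXTENSION = ".watch"               # '.Watch', compared case-insensitively
NAME_ADDRESS = "watch@msgden.net"  # address added to encrypted file names
CONTACTS = ("watch@msgden.net", "watch@mykolab.ch")
NOTE_NAME = "info.txt"

def is_renamed(path):
    """True if the name has the '.Watch' extension and the contact address."""
    name = ntpath.basename(path).lower()
    return name.endswith(EXTENSION) and NAME_ADDRESS in name

def triage(paths, read_text):
    """Count renamed files per directory and list ransom notes.

    paths: iterable of file paths; read_text: callable returning a file's text.
    """
    renamed, notes = Counter(), []
    for path in paths:
        if is_renamed(path):
            renamed[ntpath.dirname(path)] += 1
        elif ntpath.basename(path).lower() == NOTE_NAME:
            text = read_text(path).lower()  # only candidate notes are read
            if any(addr in text for addr in CONTACTS):
                notes.append(path)
    return {"renamed_by_dir": dict(renamed), "notes": notes}

# Constructed sample listing (path -> file text); name layout is assumed.
SAMPLE = {
    r"C:\Users\a\Documents\report.docx.id-EXAMPLE1.[watch@msgden.net].Watch": "",
    r"C:\Users\a\Documents\budget.xlsx.id-EXAMPLE1.[watch@msgden.net].Watch": "",
    r"C:\Users\a\Documents\info.txt": "write email watch@msgden.net",
    r"C:\Users\a\Pictures\cat.jpg": "",
    r"C:\Users\a\Projects\info.txt": "build instructions",  # benign, same name
    r"C:\Users\a\Projects\notes.watch": "",  # extension only, no address
}

if __name__ == "__main__":
    result = triage(SAMPLE, SAMPLE.get)
    for directory, count in result["renamed_by_dir"].items():
        print(f"{count} renamed file(s) in {directory}")
    for note in result["notes"]:
        print(f"ransom note: {note}")
```

Requiring both the extension and the address in the name keeps unrelated files that merely end in '.watch' out of the count, and checking the note's contents avoids flagging benign files that happen to be called 'info.txt'.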