The authors of ‘Merry X-Mas!’ Ransomware have released the second version of their ransomware, which features some minor changes to the name, ransom note, and file extension used to mark the encrypted files. However, the core features are still the same, and the successor of the ‘Merry X-Mas!’ Ransomware still uses an unbreakable encryption, which may leave victims helpless. The new version is dubbed the ‘.Merry File Extension’ Ransomware since it applies the ‘.merry’ extension to all files that the crypto-threat locks successfully. In addition to this, the ‘.Merry File Extension’ Ransomware also stores the ransom message in ‘MERRY_I_LOVE_YOU_BRUCE.HTA.’
The ransom note that the ‘.Merry File Extension’ Ransomware delivers does not mention the sum that victims have to pay to get their data back and, instead, it tells victims to contact the perpetrators of the attack immediately if they want to get their files back. The ransom note includes a countdown timer that expires in a week and tells users that failing to pay the ransom fee in 168 hours will result in the permanent deletion of their decryption key. There’s no confirmation whether this is true or not, but even if it is, you should not agree to fulfill the demands of cyber criminals.
‘YOUR CLIENT-ID: [32 RANDOM CHARACTERS]
YOUR FILES ARE ENCRYPTED!
Discovered a serious vulnerability in your network security. No data was stolen and no one will be able to do it while they are encrypted. For you vie have automatic decryptor and instructions for remediation.
To restore files and retrieve decryptor contact us
TELEGRAM F@comodosecurity
EMAIL [email protected]
ALL FILES WILL BE DESTROYED AFTER
Attention! Do not attempt to remove the program or run the anti-virus tools Attempts to self-decrypting files will result in the loss of your data Any attempts to return your files with the third-party tools will be fatal’
The ‘.Merry File Extension’ Ransomware uses the Telegram messaging service as one of the means of contact that their victims can use. The Telegram account is @comodosecurity, but victims are also given the opportunity to establish contact by sending an e-mail message to [email protected]. The ransom message does not mention anything about the free decryption of any files so that it seems like the authors of the ‘.Merry File Extension’ Ransomware are not keen on the idea of decrypting several files free of charge, as proof that they are able to complete the task. Instead of spending money on the services of cyber crooks, we advise users whose files have been taken hostage by the ‘.Merry File Extension’ Ransomware to hurry up and run an anti-malware scanner that will eliminate the infected files from their computers. Unfortunately, the locked files marked with the ‘.MERRY’ extension might not be recovered at the moment since a free decrypter for this threat has not been developed yet. Regardless of this, victims of the ‘.Merry File Extension’ Ransomware should keep the encrypted data safe because there’s a slight chance that a free decryption utility might become available in the future.
[template:aliases][template:removal][template:technical_title][template:files][template:registry][template:additional]
