Zxcvb Ransomware is a New Dharma Variant
Security researchers spotted a new ransomware variant that belongs to the Dharma family. The new strain is called the Zxcvb ransomware.
The Zxcvb ransomware encrypts nearly all files found on all local storage devices. Encrypted files receive the ".zxcvb" extension. The file name is also appended with the victim ID code and the contact email that the ransomware operator uses.
A file named "document.doc" is therefore renamed to "document.doc.id-[alphanumeric string].[paymoney@onionmail.org].zxcvb". Affected file types include practically all user-created files on the system, including media, document, archive and database extensions.
The ransom note is dropped as a plain text file called "FILES ENCRYPTED.txt". The full ransom note reads as follows:
YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email paymoney at onionmail dot org YOUR ID
If you have not been answered via the link within 12 hours, write to us by e-mail:zxcvb at onionmail dot com
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
The ransomware also displays a pop-up window containing the same text.
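The renaming scheme and ransom note name described above can be used for triage of a file listing. The following is an added example, not code from the original article or from any vendor tool. It parses the appended suffix to recover the original file name, victim ID and contact address, and flags the note file. The paths and victim IDs in SAMPLE are constructed, and accepting the ID with or without square brackets is an assumption, since the article's placeholder does not show whether the brackets are literal.

```python
import re
from pathlib import PureWindowsPath  # accepts both "\" and "/" separators

# Suffix described in the article: <name>.id-<ID>.[<email>].zxcvb
# Assumption: the ID may or may not be wrapped in square brackets.
ENCRYPTED_RE = re.compile(
    r"^(?P<original>.+)\.id-\[?(?P<victim_id>[A-Za-z0-9-]+)\]?"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.zxcvb$",
    re.IGNORECASE,
)
RANSOM_NOTE = "files encrypted.txt"  # note file name from the article, lowercased


def classify(path):
    """Return a finding dict for one path, or None if no indicator matches."""
    name = PureWindowsPath(path).name
    if name.lower() == RANSOM_NOTE:
        return {"kind": "ransom_note", "path": path}
    m = ENCRYPTED_RE.match(name)
    if m:
        return {"kind": "encrypted_file", "path": path, **m.groupdict()}
    return None


def summarize(paths):
    """Aggregate findings over a file listing (e.g. output of a recursive dir)."""
    findings = [f for f in map(classify, paths) if f]
    enc = [f for f in findings if f["kind"] == "encrypted_file"]
    return {
        "encrypted": len(enc),
        "ransom_notes": len(findings) - len(enc),
        "victim_ids": sorted({f["victim_id"] for f in enc}),
        "contacts": sorted({f["email"].lower() for f in enc}),
        "originals": [f["original"] for f in enc],
    }


# Constructed sample listing; the IDs and paths are made up for illustration.
SAMPLE = [
    r"C:\Users\alice\Documents\document.doc.id-1A2B3C4D.[paymoney@onionmail.org].zxcvb",
    r"C:\Users\alice\Documents\report.xlsx.id-[9F8E7D6C].[paymoney@onionmail.org].zxcvb",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Pictures\photo.jpg",
    r"D:\share\notes.zxcvb",  # extension alone, without the id/email suffix
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A file that carries only the ".zxcvb" extension without the ID and email parts is deliberately not counted, so the summary reflects the full renaming pattern rather than the extension alone.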







