SecneurX Threat Analysis
What is Dark Power Ransomware?
SecneurX analysts found Dark Power ransomware in the wild. Dark Power encrypts files and appends its extension (".dark_power") to the filenames. It also drops a "readme.pdf" file that contains the ransom note. After the ransomware executes, all files and folders are encrypted and their names carry the ".dark_power" extension. For example, a file titled "Sep2019.docx" appears as "Sep2019.docx.dark_power", "Jan2020.docx" as "Jan2020.docx.dark_power", and so on.
[Screenshot: files encrypted by Dark Power ransomware]
Dark Power Ransomware Overview
In "readme.pdf", the ransom note informs victims that all files and folders are encrypted. It gives a wallet address and instructs victims to send $10,000 to that address. It also makes the victim install a chat app and send an ID for further processing, and states that all files in the backup, Outlook server, and databases have been encrypted.
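The two file-system indicators described above (the ".dark_power" extension and the "readme.pdf" note) can be checked on a suspect volume with a short triage script. This is an added example, not SecneurX code; the function names, the confidence tiers and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".dark_power"  # extension named in the write-up
RANSOM_NOTE = "readme.pdf"        # ransom note filename named in the write-up

def triage(root):
    """Return {relative_dir: findings} for directories showing either indicator."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_SUFFIX))
        has_note = any(f.lower() == RANSOM_NOTE for f in files)
        if not encrypted and not has_note:
            continue
        # Assumption: these confidence tiers are this example's own heuristic.
        # "readme.pdf" alone is a common filename, so it is only a weak signal.
        if encrypted and has_note:
            confidence = "high"
        elif encrypted:
            confidence = "medium"
        else:
            confidence = "low"
        report[os.path.relpath(dirpath, root)] = {
            "confidence": confidence,
            "ransom_note": has_note,
            # Original names, recovered by stripping the appended extension.
            "original_names": [f[: -len(ENCRYPTED_SUFFIX)] for f in encrypted],
        }
    return report

def build_sample_tree(root):
    """Create a constructed test tree (empty placeholder files, no real samples)."""
    layout = {
        "docs": ["Sep2019.docx.dark_power", "Jan2020.docx.dark_power", "readme.pdf"],
        "manuals": ["readme.pdf", "guide.txt"],
        "clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, finding in sorted(triage(tmp).items()):
            print(folder, finding)
```

The list of recovered original names gives responders an inventory to compare against backups.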