chipsang

CLOWN ransomware cheater


Hi Team Emsisoft and members.

I want to update some information about "CLOWN" ransomware which might be useful for everyone. I have also put the same post on the Bleeping Computer forum as well.

Today I wish to report an incident related to the CLOWN variant.

One of my clients contacted the email address given in the note ([email protected]) and asked for help. The reply came with a $1500 demand, which the client refused.

In turn, the opposite person said he had discussed this case with the "BOSS", who agreed to $300 in BTC. The conversation continued for several days, and in the hope of getting the decrypter the customer transferred funds to the BTC wallet given (wallet address - 3Mv279iQFVJthDUEaP21aCNWb28nDuim3N).
The moment the funds were transferred, the language of the opposite person changed and he said the customer must pay the remaining $1000 additionally, which the client flatly refused.
Even after many requests, he or she at the opposite end did not give the decrypter and stopped further communication.
Meanwhile, one claiming to be a "software programmer" ([email protected]) entered the stage (claiming she does not have the decrypter and "being a developer I can decrypt data" for $700; later, after negotiations, he came down to $200); however, the client did not pay anything to anyone.
I want to alert the community to add both email IDs to the cheaters list (pls. ignore if already added). Do not pay either of these cheaters, as they do not have the decrypter.
Header analysis of the emails is of no use, as they must be hiding behind a VPN.
I want to spread this information on as many forums as possible so that no innocent victim will pay them.
One curious thing I have noted is that the reply from the second person (claiming supclown) came in Persian. That may give us a hint that this clandestine network might be operating from Persian-speaking countries.
There seems to be one main mafia who hires software programmers and creates the algorithm; he gives it to a distributor, and in turn agents like [email protected] have to pay the distributors for each case. That means these agents whose email addresses are given in the ransomware note do not have the decrypter at all. Attached is a snapshot of the decrypter provided by the cheaters. Also attached are the headers of [email protected]
 
Email ID appearing in note --- [email protected]
Other email ID --- [email protected]

Beware, all, and do not pay these 2 cheaters or any others either. Pls. spread this information to as many people as possible.

Attached Files

 

Headers protonmail.ch.txt


Can you attach a copy of an encrypted file to a reply for us to have a look at?


Hi GT 500, good morning.

Thank you for all your efforts and time. I have sent you a download link for a few sample files.

Thank you


Someone replied to this topic on Sunday saying that paid decryption service is available. I want everyone to know that this is either a scam, or it's the criminals who made/distributed the ransomware trying to trick you into paying them.

I highly recommend that you do not contact them, and if you already have then I recommend ceasing all communication with them. There is a very real chance that they may take your money, and not decrypt your files.

