FANDOM


Digisom is a ransomware-type virus that stealthily infiltrates systems and encrypts various files.

Payload

During encryption, Digisom renames encrypted files using the "[original_file_name][3_random_characters.x]" pattern (for example, "sample.jpg" is renamed to "sample.jpgG3e.x"). Some newer variants of this ransomware use this scheme of file renaming after successfully encrypting them - filename.extension[A-Za-z0-9]{3}.x Following successful encryption, this virus changes the desktop wallpaper to a plain black color and creates ten text files ("Digisom Readme0.txt", "Digisom Readme1.txt", up to "Digisom Readme9.txt"), placing them on the desktop. In addition, Digisom opens a pop-up window, which contains a timer until the next file deletion takes place (Digisom deletes a single random file every two hours).

The ten text files contain identical ransom-demand messages stating that files are encrypted and that they can only be restored using a unique private key. Unfortunately, this information is accurate. Digisom uses asymmetric cryptography and, thus, public (encryption) and private (decryption) keys are generated. It is impossible to restore files without the private key, and since it is stored on a remote server, victims are encouraged to pay a ransom to receive it. The cost of this key is .2 Bitcoin (currently, 1 Bitcoin is equivalent to ~$1045).

Ransom-demand message presented within Digisom text files:

Your important files were encrypted on this computer: photos, videos, documents, etc. 
You can verify this by opening them.
To save your files, you need a private key to decrypt it.
The single copy of private key, which will allow you to unlock the files, is located on a 
secret server on the internet; the server will destroy the key within 48 hours after 
encryption completed. After that, nobody are able to restore the files.
To retrieve the private key, you need to pay 0.2 bitcoins. Check out the website on 
how to make payment: http://www.digisom.pw 
YOUR UNIQUE ID TO FIND KEY:

Text presented within Digisom website:

1. Get Bitcoins (BTC) at localbitcoins.com if you don't already have any.
2. Send 0.20004084 Bitcoins (in ONE payment) to the address below.
If you send any other bitcoin amount, payment system will ignore it !
Send EXACTLY 0.20004084 BTC (plus fees) to: 
1FCuCww75NtxtVJHsvwaWJsphLsT1tRAoL
Bitcoins have not yet been received.
If you have already sent Bitcoins (the exact Bitcoin sum in one payment as shown in 
the box below), please wait a few minutes to receive them by Bitcoin Payment System. 
If you send any other sum, Payment System will ignore the transaction and you will 
need to send the correct sum again, or contact the site owner for assistance.
Community content is available under CC-BY-SA unless otherwise noted.