Ims00ry is a ransomware that runs on Microsoft Windows.

Behavior

Unlike other ransomware, Ims00ry does not append an extension to compromised files or rename them in any other way.

Payload

Transmission

Ims00ry can be distributed through infected email attachments (macros), torrent websites, and malicious ads.

Infection

After successful infiltration, Ims00ry encrypts most stored data, rendering it unusable. Once encryption is complete, Ims00ry changes the victim's desktop wallpaper and drops a "README.txt" text file on the victim's desktop.

Both the text file and the desktop wallpaper contain identical ransom messages. They state that files are encrypted using RSA-4096/AES-256 and that victims have to pay a ransom in order to restore them. The price for decryption is $50, and the message notes that payment must be submitted in Bitcoin. Compared to other ransomware infections, Ims00ry's price is rather low, since the size of the ransom usually fluctuates between $500 and $1500.

Text presented within Ims00ry ransomware's desktop wallpaper and text file ("README.txt"):

I am sorry!!!
My friend. I want to start my own business, but i have no money.
All your files photos, databases, documents and other important are encrypted with 
strongest encryption and algorithms RSA 4096, AES-256.
If you want to restore your files payment and write to Telegram bot
Price decrypt software is $50.

Attention!!!
Do not rename or move the encrypted files.

Bitcoin wallet:
1tnZbveCXmqRS1gfZSxztG5MbdJhptaqu

Contact Telegram bot:
@Ims00rybot
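
One way to triage a host for the behaviour described above, added here as an example and not part of the original article: because Ims00ry leaves file names untouched, the scan looks for the README.txt note by the wallet and Telegram strings quoted above and flags files whose content is near-random and no longer matches their extension. The MAGIC table, the 7.5 bits/byte threshold and the assumption that encryption overwrites a file's leading bytes are illustrative choices, not details from the page.

```python
import math
import os
from collections import Counter

# Markers quoted from the ransom note on this page.
NOTE_MARKERS = ("@Ims00rybot", "1tnZbveCXmqRS1gfZSxztG5MbdJhptaqu")
# Expected leading bytes for a few common types (assumed sample set, extend as needed).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_ransom_note(path: str) -> bool:
    """True if a README.txt contains any marker from the note."""
    if os.path.basename(path).lower() != "readme.txt":
        return False
    with open(path, "r", errors="replace") as fh:
        text = fh.read(4096)
    return any(marker in text for marker in NOTE_MARKERS)

def looks_encrypted(path: str, threshold: float = 7.5) -> bool:
    """Known extension, wrong magic bytes, near-random content (assumed heuristic)."""
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return False  # no reference header for this extension
    with open(path, "rb") as fh:
        head = fh.read(65536)
    return not head.startswith(magic) and entropy(head) >= threshold

def triage(root: str) -> dict:
    """Walk root; return ransom notes found and files that look encrypted in place."""
    report = {"notes": [], "suspect_files": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if is_ransom_note(path):
                    report["notes"].append(path)
                elif looks_encrypted(path):
                    report["suspect_files"].append(path)
            except OSError:
                continue  # unreadable or locked file: skip, keep scanning
    return report
```

Run `triage()` against a user profile or file share; compressed formats are only flagged when their header is also wrong, which keeps ordinary archives and images out of the results.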