Not to be confused with HiddenTear. InfiniteTear is ransomware that encrypts files. It is a modified version of HiddenTear.
Once it has infiltrated a system, InfiniteTear encrypts stored files and appends the ".JezRoz" extension to their names (for example, "sample.jpg" is renamed to "sample.jpg.JezRoz"). Following successful encryption, InfiniteTear creates a text file ("Important_Read_Me.txt") and places a copy in every existing folder. Updated variants of this ransomware use the ".Infinite" extension for encrypted files.
The created text file contains a message stating that files are encrypted and that victims must pay a ransom to restore them. In either case, decryption requires a unique key that InfiniteTear's developers store on a remote server. Victims are encouraged to pay the equivalent of $310 in Bitcoin to receive the key. They are also permitted to send two selected files to the cyber criminals via the email address provided. These files are then decrypted and returned, supposedly to guarantee that decryption is possible.
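The file-system indicators described above (the ".JezRoz" and ".Infinite" extensions and the "Important_Read_Me.txt" note) can be checked during triage with a short script. The following is an added example, not code from the original page or from the malware; the function names and the case-insensitive matching are assumptions, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the description above; matching is case-insensitive
# (an assumption, chosen because Windows file names are case-insensitive).
ENCRYPTED_SUFFIXES = (".jezroz", ".infinite")
RANSOM_NOTE = "important_read_me.txt"


def triage(root):
    """Walk root; return encrypted files (path -> original name), note folders, other files."""
    encrypted, note_dirs, clean = {}, [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == RANSOM_NOTE:
                note_dirs.append(dirpath)
                continue
            suffix = next((s for s in ENCRYPTED_SUFFIXES if lower.endswith(s)), None)
            # Require a non-empty stem so a file named only ".Infinite" is not counted.
            if suffix and len(name) > len(suffix):
                encrypted[path] = name[: -len(suffix)]
            else:
                clean.append(path)
    return {"encrypted": encrypted, "note_dirs": sorted(note_dirs), "clean": sorted(clean)}


def build_sample_tree(root):
    """Constructed sample data: empty files named like an affected folder tree."""
    for rel in ("docs/sample.jpg.JezRoz", "docs/Important_Read_Me.txt",
                "docs/old/report.docx.Infinite", "docs/old/Important_Read_Me.txt",
                "tools/notes.txt"):
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for path, original in sorted(result["encrypted"].items()):
            print(f"encrypted: {path} (original name: {original})")
        for folder in result["note_dirs"]:
            print(f"ransom note present in: {folder}")
```

Folders that hold the note but no renamed files, or renamed files without a note, are worth a closer look because they suggest interrupted encryption or partial cleanup.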
Message presented within InfiniteTear ransomware text file ("Important_Read_Me.txt"):
Your System Specific Identification Key :
----------------------BEGIN-----------------------
AAAA333130AAAA7D2B1E46203F210E3F3F3F1D7F3F3F4C4318
6D3F3F3F553F3F272B1F363F3F3F3F733F3F3F36413F57673F
603F3F4A3F523F3F7A3F3F0A3F3F3F4072006B5B3F323F3F71
413F3F573F443F62613F3F3F3F0A0D3F203F413F783F2B3F54
3F3F643F3F3F3F18263F1D3F11267A7B22603F3F413F3F1A20
3F583F0C4F
-----------------------END------------------------

What happened to my computer?
All of your personal files, such as documents, photos, videos, databases and files that you need, have been removed from your secure cryptography. You need to pay for your personal files to be decrypted. Maybe you're looking for a way out of the internet to reopen your files. We will endow you no one but us able to reopen your encrypted files!

So what should I do now?
All you need to do is pay the amount requested to our Bitcoin account and then send the personal identification key to our email address.

Why should I trust you?
We are not dishonest users and guarantee the return of all your missing files. To do this, you can decode 2 of your files by sending us free of charge.

Warning:
After this message, you have only 7 days to pay the requested amount of time. After that time, your key will be deleted from our server and you will not be able to access any of your files even if the requested amount is paid and remember any attempts to manipulate your encrypted files by the program. Miscellaneous or other people may cause the file to be lost.

Pament : 310$
Email : InfinityShadow@Protonmail.com
BitCoin Address : 18vsVuzW7oQLQX2u6UmGw9SzhmGntbEQoJ