DarkAngels Ransomware is yet another derivative of Babuk Ransomware. It is very similar to HelloXD Ransomware in terms of functionality. Reports on Dark Angels suggest that each ransomware sample is tailored to a specific target organization. It asks its victims to make contact for ransom payment via a Tor-based chat system. Dark Angels payloads can spread to available network shares and accept associated parameters: both the 'paths' and 'shares' command-line parameters are available. The method of share discovery can vary depending on the option provided. In the absence of any command-line options, the malware enumerates all local drives and encrypts all targeted files. Upon encryption, files are given the .crypt extension.
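As an added detection example (not code from any Dark Angels report or tool), the sketch below flags a process that creates many `.crypt` files in a short window and notes whether network shares (UNC paths) were touched. The event tuples, process names, hosts, threshold and window are assumptions constructed for illustration; real input would come from file-creation telemetry such as an EDR or Sysmon export.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXT = ".crypt"  # extension named on this page

# Constructed events: (timestamp, process image, created file). Not real telemetry;
# process names, hosts and paths are invented for the example.
T0 = datetime(2024, 1, 1, 3, 0, 0)
SUSPECT = "C:\\Users\\Public\\sample.exe"
SAMPLE_EVENTS = (
    [(T0 + timedelta(seconds=i), SUSPECT, f"D:\\data\\report{i}.xlsx.crypt") for i in range(8)]
    + [(T0 + timedelta(seconds=8 + i), SUSPECT, f"\\\\fs01\\finance\\q{i}.docx.crypt") for i in range(4)]
    # A benign tool that happens to write one .crypt file every ten minutes.
    + [(T0 + timedelta(minutes=m), "C:\\Tools\\backup.exe", f"E:\\archive\\set{m}.crypt") for m in range(0, 50, 10)]
    + [(T0, "C:\\Windows\\explorer.exe", "C:\\Users\\a\\notes.txt")]
)

def detect_crypt_bursts(events, threshold=10, window=timedelta(seconds=30)):
    """Return {process: summary} for processes that create at least `threshold`
    .crypt files inside any sliding `window`."""
    recent = defaultdict(deque)  # process -> timestamps still inside the window
    totals = defaultdict(lambda: {"files": 0, "network_share": False})
    flagged = set()
    for ts, proc, path in sorted(events):
        if not path.lower().endswith(EXT):
            continue
        q = recent[proc]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        totals[proc]["files"] += 1
        # UNC paths mean the process is also writing to network shares.
        totals[proc]["network_share"] |= path.startswith("\\\\")
        if len(q) >= threshold:
            flagged.add(proc)
    return {proc: totals[proc] for proc in flagged}

if __name__ == "__main__":
    for proc, summary in detect_crypt_bursts(SAMPLE_EVENTS).items():
        print(proc, summary)
```

The rate threshold is what separates the burst from the slow, legitimate `.crypt` writer in the sample data; tune it against baseline file activity before alerting on it.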
DarkAngels Ransomware Signatures
Family: Ransom:Win32/Babuk.MAK!MTB
MD5: b4a07cdd640bbaef21cd0493b4d62675
SHA256: 38e05d599877bf18855ad4d178bcd76718cfad1505328d0444363d1f592b0838