Data Keeper, available on the dark web as a Ransomware-as-a-Service (RaaS), encrypts files using a combination of AES and RSA-4096, drops a ransom note named “!!! ##### === ReadMe === ##### !!!.htm” in folders where files have been encrypted, and attempts to encrypt all networks connected to the target machine. Users who wish to infect victims with Data Keeper are encouraged to sign up for the dark web service and create new malware samples free of charge. In return, the profits generated from ransom payments are distributed between the developers and the participating users who created the new samples. Once infected, victims are directed to a dark web URL for decryption and ransom payment information. Data Keeper does not append an extension to the names of encrypted files.
- Bleeping Computer provides more information about Data Keeper here.
- The NJCCIC is not currently aware of any free decryption tools available for Data Keeper.
Image Source: Bleeping Computer
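Because Data Keeper leaves file names unchanged, the ransom note is the file-system artifact this profile gives for spotting affected folders. The sketch below is an added example, not part of the original profile: it sweeps the given roots for the note name and counts affected directories per root. The function names, the tolerant name matching and the constructed sample tree are assumptions for illustration.

```python
import os
import tempfile
import unicodedata

# Note name exactly as given in the profile above.
NOTE_NAME = "!!! ##### === ReadMe === ##### !!!.htm"

def _norm(name):
    # Assumption: match case-insensitively and ignore Unicode/whitespace variation.
    name = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(name.split())

def find_note_dirs(roots):
    """Return sorted directories under `roots` that contain the ransom note."""
    target = _norm(NOTE_NAME)
    hits = set()
    for root in roots:
        # Ignore unreadable directories so one permission error does not stop the sweep.
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            if any(_norm(f) == target for f in files):
                hits.add(os.path.abspath(dirpath))
    return sorted(hits)

def summarize(hits, roots):
    """Count affected directories per scanned root to show how far encryption spread."""
    summary = {os.path.abspath(r): 0 for r in roots}
    for h in hits:
        for r in summary:
            if os.path.commonpath([h, r]) == r:
                summary[r] += 1
    return summary

def demo():
    # Constructed sample tree: two folders hold a placeholder note, one does not.
    base = tempfile.mkdtemp(prefix="dk_demo_")
    local, share = os.path.join(base, "local"), os.path.join(base, "share")
    for d in ("local/docs", "local/clean", "share/finance"):
        os.makedirs(os.path.join(base, *d.split("/")))
    for d, name in (("local/docs", NOTE_NAME), ("share/finance", NOTE_NAME.upper())):
        with open(os.path.join(base, *d.split("/"), name), "w") as fh:
            fh.write("constructed placeholder, not a real note")
    hits = find_note_dirs([local, share])
    return hits, summarize(hits, [local, share])

if __name__ == "__main__":
    hits, summary = demo()
    for h in hits:
        print("note found in:", h)
    print(summary)
```

Pass the local volumes and any mounted network locations as `roots`; a root with a non-zero count contains at least one folder where the note was dropped.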