Sanctions ransomware targets Windows OS and its method of distribution is currently unknown. It appends .wallet to encrypted file names and drops a ransom note named RESTORE_ALL_DATA.html on infected systems. Currently, the malicious actors behind the campaign are selling the decryption key for 6 Bitcoin and directing victims to the Satoshi Box platform to submit payments.
- Bleeping Computer provides more information about Sanctions here.
- The NJCCIC is not currently aware of any decryption tool available for Sanctions.