Resurrection ransomware plays audio from a horror movie


The SonicWALL Threat Research team receives reports of ransomware daily, and new strains seem to pop up every week. This week we analyzed malware called Resurrection Ransomware. Like others we have seen in the past, it exhibited predictable behavior, only this time its ransom note plays eerie music in the background, reminiscent of a horror film.

Infection Cycle:

The malicious file pretends to be a PDF file and uses the following icon:

Upon successful execution, it proceeds to encrypt files on the victim’s machine. It appends a “[random 6 characters].resurrection” file extension to all encrypted files, as seen in the screenshot below:

It drops the file README.html into every directory that contains an encrypted file. It then opens a browser to launch the HTML file, which contains its ransom note. The note asks the victim to pay 1.77 Bitcoin and to confirm payment by sending an email to resurrection777 at protonmail dot com:

The HTML file plays eerie music in the background. Upon careful inspection of the file, we found the source for the music embedded in the HTML file.

We found that it plays Charlie Clouser’s music, the theme song of a horror movie called Dead Silence.

SonicWALL Gateway AntiVirus provides protection against this threat with the following signature:

  • GAV: Hiddentear.RSM_2 (Trojan)
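
The on-disk indicators described above (the “[random 6 characters].resurrection” suffix and a README.html note in each affected directory) can be checked during triage with a short script. This is an added example, not SonicWALL's code: the function names are hypothetical, the sample tree is constructed, and it assumes the note text contains the contact mailbox name.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators from the write-up. The character set of the six random characters
# is not stated, so any six characters before ".resurrection" are accepted.
ENCRYPTED_RE = re.compile(r"^.+.{6}\.resurrection$", re.IGNORECASE)
NOTE_NAME = "README.html"
CONTACT_MARKER = "resurrection777"  # assumption: the note text contains this name


def note_has_marker(path):
    """True if the note mentions the contact mailbox named in the write-up."""
    try:
        return CONTACT_MARKER in Path(path).read_text("utf-8", "ignore").lower()
    except OSError:
        return False


def scan(root):
    """Map each directory that holds renamed files to the indicators found there."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if ENCRYPTED_RE.match(f))
        if not encrypted:
            continue  # README.html alone is too common a name to flag
        note = NOTE_NAME in files
        marker = note and note_has_marker(os.path.join(dirpath, NOTE_NAME))
        findings[os.path.relpath(dirpath, root)] = {
            "encrypted": encrypted, "note": note, "note_has_marker": marker}
    return findings


def build_sample_tree(root):
    """Constructed sample data: every file name and note text here is invented."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "site").mkdir()
    (root / "docs" / "budget.xlsx.a1B2c3.resurrection").write_bytes(b"\x00")
    (root / "docs" / "notes.resurrection").write_bytes(b"\x00")  # too short for a token
    (root / "docs" / NOTE_NAME).write_text("<html>contact resurrection777</html>")
    (root / "site" / NOTE_NAME).write_text("<html>project readme</html>")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for directory, info in scan(build_sample_tree(tmp)).items():
            print(directory, info)
```

A directory is reported only when renamed files are present; the note and mailbox checks then raise confidence that the match is this family rather than an unrelated README.html.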