
Introduction and Details

WhiteRose is crypto-ransomware that encrypts user data with AES and then demands a ransom in Bitcoin (BTC) to decrypt the files.

File naming pattern: randomname_ENCRYPTED_BY.WHITEROSE

Example of an encrypted file:

Activity of this crypto-ransomware was observed in the second half of March 2018. It targets English-speaking users, which of course does not prevent it from spreading around the world.

The ransom note is called: HOW-TO-RECOVERY-FILES.TXT

The note includes a picture of a white rose built from ASCII characters.

The picture is followed by further text.

Contents of the ransom note:
===================== [PersonalKey] ===================== 
[redacted base64] 
===================== [PersonalKey] ===================== 
The singing of the sparrows, the breezes of the northern mountains, and the smell of the earth. I'm sitting on a wooden chair next to a bush tree, I have a readable book in my hands and I am sweating my spring with a cup of bitter coffee. Today is a different day. 
Behind me is an empty house of dreams and in front of me, full of beautiful white roses. 
To my left is an empty blue pool of red fish and my right, trees full of spring white blooms. 
I drink coffee, I'll continue to read a book from William Faulkner. In the garden environment, peace and quiet. My life always goes that way. Always alone without even an intimate friend. 
I have neither a pet nor a friend; I am a normal person with fantastic wishes among the hordes of white rose flowers. Everything is natural. I'm just a little interested in hacking and programming. My only electronic devices for this project are for iPhone and iPod touch. 
Believe me, my only assets are the white roses of this garden. 
I think of the days and write at night, the story, the poem, the code, the exploit or the accumulation of the number of white roses, and I say to myself that the wealth is different friends of different races, languages, habits and religions, Not only being in a fairly stylish garden with full of original white roses. 
Today, I think deeply about the decision that has involved my mind for several weeks. A decision to freedom and at the cost of unity, intimacy, joy and love and is the decision to release the white roses and to give gifts to all peoples of the world. 
I do not think about selling white roses again. This time, I will plant all the white roses of the garden to bring a different gift for the people of each country. No matter where is my garden and where I am from, no matter if you are a housekeeper or a big company owner, it does not matter if you are the west of the world or its east, it's important that the white roses are endless and infinite. You do not need to send letters or e-mails to get these roses. Just wait it tomorrow. 
Wait for good days with White Rose. 
I hope you accept this gift from me and if it reaches you close to your eyes and feet. 
Thank you for trusting me. Now open your eyes. Your system has a flower like a small garden; A white rose flower. 
////////////////////////////////////////////////////////////////////////////////////////////// / 
[Recovery Instructions] 
I. Download qTox on your computer from [https://tox.chat/download.html] 
II. Create new profile then enter our ID in search contacts 
Our Tox ID: "6F548F21789 ***". 
III. Wait for us to accept your request. 
IV. Copy '[PersonalKey]' in "HOW-TO-RECOVERY-FILES.TXT" file and send this key with one encrypted file less size then 2MB for trust us in our Tox chat. 
IV.I. Only if you did not receive a reply after 24 hours from us, 
IV.II. For perform "Step IV.I" and enter the TOR network, you must download tor browser 
and register in "http://torbox3uiot6wchz.onion" Mail Service) 
V. We decrypt your two files and we will send you. 
VI. After ensuring the integrity of the files, We will send you payment info. 
VII. Now after payment, you get "WhiteRose Decryptor" Along with the private key of your system. 
VIII.Everything returns to the normal and your files will be released. 
////////////////////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////// 
What is encryption? 
In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can not access it. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm. 
For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. 
It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, considerable computational resources and skills are required. 
An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users. 
in your case "WhiteRose Decryptor" software for safe and complete decryption of all your files and data. 
Any other way? 
If you look through this text in the Internet and realize that, please contact your antivirus support.

Technical Details:

It can be distributed through compromise of unprotected RDP configurations, email spam with malicious attachments, fraudulent downloads, exploits, web injections, fake updates, and repackaged or infected installers.


If you neglect antivirus protection:

At least back up important files.


List of extensions:

MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, archives (at the time of writing this article)


Related Files:

<random>.exe – random name
WhiteRose Decryptor.exe
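
An added triage example (not part of the original article) that walks a directory tree for the two on-disk indicators given above, the _ENCRYPTED_BY.WHITEROSE suffix and the HOW-TO-RECOVERY-FILES.TXT note, and extracts the [PersonalKey] blob from each note so distinct victim keys can be recorded. The function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

ENC_SUFFIX = "_ENCRYPTED_BY.WHITEROSE"   # file naming pattern from the page
NOTE_NAME = "HOW-TO-RECOVERY-FILES.TXT"  # ransom note name from the page
# The note wraps the victim key between two identical "[PersonalKey]" rulers.
KEY_RE = re.compile(r"=+ *\[PersonalKey\] *=+\s*(.*?)\s*=+ *\[PersonalKey\] *=+", re.S)

def extract_personal_key(note_text):
    """Return the PersonalKey blob with whitespace removed, or None."""
    m = KEY_RE.search(note_text)
    return "".join(m.group(1).split()) if m else None

def triage(root):
    """Walk root; report encrypted files, notes, and distinct victim keys."""
    report = {"encrypted": [], "notes": [], "keys": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            upper = name.upper()  # Windows file names are case-insensitive
            if upper.endswith(ENC_SUFFIX):
                report["encrypted"].append(path)
            elif upper == NOTE_NAME:
                report["notes"].append(path)
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        key = extract_personal_key(fh.read())
                except OSError:
                    key = None  # unreadable note: still listed in "notes"
                if key:
                    report["keys"].add(key)
    return report

def build_sample_tree():
    """Constructed sample data: a temp tree with harmless placeholder files."""
    root = tempfile.mkdtemp(prefix="whiterose_triage_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    ruler = "===================== [PersonalKey] ====================="
    note = f"{ruler}\nQUJD\nREVG\n{ruler}\n[Recovery Instructions]\n"
    for name, body in [("aZ3kQ9_ENCRYPTED_BY.WHITEROSE", "x"),
                       ("report.docx", "x"), (NOTE_NAME, note)]:
        with open(os.path.join(docs, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    r = triage(build_sample_tree())
    print(len(r["encrypted"]), "encrypted,", len(r["notes"]), "notes,", r["keys"])
```

More than one distinct key in the result suggests notes from more than one infection or host, for example on a shared drive.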


User Folders

WhiteRose Contact Channel:


Tox ID: “6F548F21789***”

Email: TheWhiteRose@Torbox3uiot6wchz.onion

Mail: http://torbox3uiot6wchz.onion

