Industrial Spy, originally an illegal dark web marketplace for stolen data (such as commercial and military secrets), has recently expanded the scope of its operations. While the previous version of viruses distributed by Industrial Spy’s hacker team simply stole the data, the new strain also encrypts it to extort ransom from the victim. By definition, this makes it a ransomware.
While many, if not most ransomware programs change the extension of the files they encrypt to make the hack more obvious to the victim, Industrial Spy Market’s virus does not.
The ransom note is named “readme.html”. A copy of it is placed it each folder on the infected computer. Overall, it is a fairly typical ransom note, though a few things do stand out. The note specifically addresses companies – perhaps unsurprising for an industrial espionage operation. Whether private individuals are at risk or not is unknown. The note also doesn’t specify how much money the victim should transfer, or where to transfer it. This, again, is unusual but makes sense for a virus targeting a small amount of high-profile victims.
The article below will help you remove Industrial Spy Market ransomware and outline general strategies on recovering the files.