
Chinz Ransomware

By GoldSparrow in Ransomware

Malware researchers have uncovered a new file-locker that has been dubbed the Chinz Ransomware. This new data-locker is a variant of the notorious Phobos Ransomware.

Propagation and Encryption

The Chinz Ransomware is a threat that is likely to go after a long list of filetypes to cause maximum damage. This Trojan is very likely to target .png, .gif, .jpeg, .jpg, .svg, .txt, .doc, .docx, .pdf, .mp3, .midi, .mid, .aac, .wav, .mov, .mp4, .webm, .db, .zip, .rar, .ppt, .pptx, .xlsx, .xls filetypes among various others. Once the Chinz Ransomware detects a file that matches its criteria, it applies an encryption algorithm to lock it securely. When the Chinz Ransomware encrypts a file, it changes its name by adding a '.id[<VICTIM ID>].[yuzhou13@tutanota.com].chinz' extension. For example, a file that was originally named 'cotton-cloud.mp3' will be renamed to 'cotton-cloud.mp3.id[<VICTIM ID>].[yuzhou13@tutanota.com].chinz'. It is likely that the distribution methods involved in the propagation of the Chinz Ransomware include mass spam email campaigns, malvertising operations, fake software downloads, bogus social media pages, torrent trackers and others.

The Ransom Note

When the encryption process is done, the Chinz Ransomware will drop two files on the user's computer. The files in question contain the ransom message of the attackers and are named 'info.txt' and 'info.hta'. The attackers make it clear that they want to be paid in Bitcoin and offer two email addresses where the user can contact them: 'yuzhou13@tutanota.com' and 'kaidrake@cock.li'.

It is not a good idea to cooperate with cybercriminals like the conmen behind the Chinz Ransomware. To remove the Chinz Ransomware from your PC, it is recommended to use the assistance of a genuine, up-to-date anti-malware application.
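
For responders scoping the damage, the rename pattern and ransom note names described above can be matched against a file listing. The following is an added example, not code from this article or from any vendor tool; the sample paths, the placeholder victim ID and the assumption that the ID and email contain no ']' character are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Pattern from the article: <original>.id[<VICTIM ID>].[<contact email>].chinz
# Assumption: the victim ID and e-mail contain no ']' characters.
CHINZ_RE = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[^\]]+)\]\.\[(?P<email>[^\]]+)\]\.chinz$",
    re.IGNORECASE,
)
NOTE_NAMES = {"info.txt", "info.hta"}  # ransom note names given in the article


def triage(paths):
    """Group Chinz indicators by directory from an iterable of Windows paths."""
    report = defaultdict(lambda: {"encrypted": [], "notes": []})
    for raw in paths:
        p = PureWindowsPath(raw)
        m = CHINZ_RE.match(p.name)
        if m:
            # Record the pre-encryption name so restore lists can be built.
            report[str(p.parent)]["encrypted"].append(m.groupdict())
        elif p.name.lower() in NOTE_NAMES:
            report[str(p.parent)]["notes"].append(p.name)
    # 'info.txt' is a common benign name: keep notes only where renamed
    # files were found in the same directory.
    return {d: r for d, r in report.items() if r["encrypted"]}


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\a\Music\cotton-cloud.mp3.id[SAMPLE-ID-0001].[yuzhou13@tutanota.com].chinz",
    r"C:\Users\a\Music\info.hta",
    r"C:\Users\a\Music\playlist.m3u",
    r"C:\Tools\info.txt",
]

if __name__ == "__main__":
    for directory, hits in triage(SAMPLE).items():
        print(directory, hits)
```

The recovered original names give a per-directory list of files to restore from backup, and the untouched 'playlist.m3u' shows how files the threat skipped are left out of the report.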
