Cuzimvirus Ransomware

By GoldSparrow in Ransomware

The Cuzimvirus Ransomware is a ransomware Trojan that is used to take the victims' files hostage. However, the Cuzimvirus Ransomware is not as threatening as most other encryption ransomware Trojans that are currently active. Typical encryption Trojans use RSA and AES encryption to make the victim's files inaccessible and then demand the payment of a ransom through a ransom note delivered as an HTA application message, a text document, or an image on the victim's Desktop. The Cuzimvirus Ransomware does not encrypt the victim's files. Other, more threatening ransomware Trojans affect the infected computer's boot sequence, which makes them quite difficult to stop. The Cuzimvirus Ransomware instead carries out a rather old-fashioned attack that was popular several years ago: rather than encrypting the victim's files, it displays a lock screen and blocks the victim from accessing the infected computer.

The Cuzimvirus Ransomware and Its Lock Screen Attack

Ransomware Trojans like the Cuzimvirus Ransomware carry out a simple attack that blocks access to the victim's computer by displaying a full-screen message and preventing access to the Task Bar, Desktop and other Windows features. The Cuzimvirus Ransomware interferes with keyboard shortcuts and prevents the victim from opening the Windows Task Manager, which could otherwise be used to bypass these unwanted components. The Cuzimvirus Ransomware has also been associated with fake technical support programs, not directly, but because these threats share the same method of attack.

PC security researchers have noted an additional connection: the Cuzimvirus Ransomware is delivered in the form of a corrupted executable file named 'procleaner.exe,' which is disguised as a security program. The Cuzimvirus Ransomware takes its name from the contact email address included in its lock screen. This email address, the Cuzimvirus@yahoo.com, is displayed so that the victim can contact the con artists and receive the unlock code. The Cuzimvirus Ransomware was initially observed in the comments of a video about the infamous HiddenTear ransomware project. It is possible that the Cuzimvirus Ransomware will be developed further and may include an actual encryption component in the near future. The full text of the Cuzimvirus Ransomware's lock screen reads:

'Computer Blocked!!
To unlock the Computer follow the three easy steps:
Send me a message to this email: the Cuzimvirus@yahoo.de and I send you the code
When you write me, I send you the code. Then paste the code in the textbox and press "unlock"
Then press okay, and your computer is unlocked'

How the Cuzimvirus Ransomware Demands Its Ransom

To unlock access to the infected computer, victims require a password. Unlike many more threatening ransomware Trojans, the Cuzimvirus Ransomware does not need to connect to a Command and Control server to carry out its attacks. It is possible to bypass the Cuzimvirus Ransomware lock screen simply by starting the infected computer in Safe Mode or with some alternate boot method. Since the Cuzimvirus Ransomware does not encrypt files or corrupt the victim's data, bypassing the lock screen and removing the Cuzimvirus Ransomware with the help of a reliable security program may be enough to recover from this attack. This is much simpler than recovering from ransomware Trojans that include an encryption component, where the victim's files remain inaccessible even after the threat is removed. PC security analysts recommend using a security program to detect and remove the Cuzimvirus Ransomware and other variants. Popular anti-malware programs detect the Cuzimvirus Ransomware under the following names and aliases, among many others (there have been countless variants of the Cuzimvirus Ransomware's method of attack):

Artemis!8B1FC6F88EFD
MSIL/LockScreen.QS
Ransom_FAKELOCK.H
W32.Troj.Ransom.Filecoder!c
W32/Trojan.ISLH-0414
Win32:Malware-gen
