Acuna Ransomware

The Acuna Ransomware is a threat classified as being a variant belonging to the Phobos Ransomware family. Although the Acuna Ransomware doesn't demonstrate any meaningful deviation or improvements when compared to the rest of the Phobos Ransomware variants, it is still a potent threat that can lock users out of their own computers effectively. By employing an uncrackable encryption algorithm, the Acuna Ransomware will render nearly all files stored on the compromised computer inaccessible and unusable. The Acuna Ransomware will then proceed to extort its victims for money in exchange for the decryption key necessary to release the locked data.

All affected files will have their names changed drastically. The threat will append a string representing the unique ID assigned to the victim, an email address under the control of the hackers, and '.Acuna' to the original name of every encrypted file. The email address is 'Cusapool@firemail.cc.' Upon completion of the encryption routine, Acuna drops its ransom note with instructions to the victim. The note has two versions - a shorter one contained in text files named 'info.txt' and a longer set of instructions displayed in a pop-up window.

Victims of the Acuna Ransomware are told that to receive the decryption key that could restore their data, they will have to pay a ransom using the Bitcoin cryptocurrency. The exact amount demanded by the hackers is not mentioned but it is stated that the sum will depend on how fast the victims initiate communication. The main email address reserved for this purpose is the one also placed in the names of the encrypted files – 'Cusapool@firemail.cc.' Users also are instructed to send copies of the message to two other emails - 'zezoxo@libertymail.net' and 'togerpo@zohomail.eu.' An alternative communication channel in the form of a Telegram account named '@zezoxo' also has been provided.

The Acuna Ransomware's victims are allowed to attach up to 5 non-important files that do not exceed 4MB in total size to their messages. The hackers will decrypt these files for free presumably as a demonstration of their ability to restore all locked data. It is still, however, not recommended to engage in negotiations with cybercriminals, as that could expose users to further security threats.

The text displayed in the pop-up window created by Acuna Ransomware is:

'All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail: Cusapool@firemail.cc

Write this ID in the title of your message -

To increase the likelihood of receiving a response to your request, also duplicate your letters to the following e-mails:zezoxo@libertymail.net and togerpo@zohomail.eu

For quick and convenient feedback, write to the online operator in the Telegram messenger: @zezoxo

(The username of the Telegram account must be exactly the same as above.)

You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.

Free decryption as guarantee

Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

Attention!

To get guaranteed assistance in decrypting your files, please contact only the contacts indicated in this note, otherwise we are not responsible for the decryption!

Do not rename encrypted files.

Do not try to decrypt your data using third-party software, as this may result in irreversible data loss.

Decrypting your files with the help of third parties may increase the price (they add their fee to ours) or you risk losing money without receiving files decryption in return.

!!! When contacting third parties, we do not give a guarantee for decryption of your files !!!

How to obtain Bitcoins

The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.

hxxps://localbitcoins.com/buy_bitcoins

Also you can find other places to buy Bitcoins and beginners guide here:

hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/'

The instructions contained inside the text files are:

'!! All your files are encrypted !!!

To decrypt them, send an email to this address: Cusapool@firemail.cc.

To increase the likelihood of receiving a response to your request, also duplicate your letters to the following e-mails:

zezoxo@libertymail.net and togerpo@zohomail.eu

For quick and convenient feedback, write to the online operator in the Telegram messenger: @zezoxo

(The username of the Telegram account must be exactly the same as above.)

Attention!

To get guaranteed assistance in decrypting your files, please contact only the contacts indicated in this note, otherwise, we are not responsible for the decryption!'