Canadian Ransomware

Infosec researchers have uncovered a malware strain that is being tracked under the name Canadian Ransomware. Ransomware threats are used by cybercriminals in operations targeting the data of the victims. When a ransomware threat infiltrates a computer, it will activate an encryption process that will leave most of the data on the device in an inaccessible state, by locking it using a strong cryptographic algorithm. The Canadian Ransomware appears to be mostly targeted at individual users and not corporate entities. 

The threat marks each file it locks by appending '.canadian' to the original file names. Victims also will discover the appearance of a new text file named 'DECRYPT YOUR FILES.txt' on the desktop of the breached device. Inside the file is a ransom note with instructions from the threat actors. However, the delivered message is rather brief. It tells victims of the threat that they will have to pay only 50 CAD (Canadian Dollars), but only if they have the funds to do so. To receive additional instructions, victims are directed toward messaging the provided email address at 'rebcoana@gmail.com.'

Canadian Ransomware's full message is:

'Your Files Are Encrypted. To Decrypt Them, Please Send An Email To rebcoana@gmail.com.

The Ransom Demand Is Only 50 Canadian Dollars So You Should Be Able To Pay It, Except If You Are Poor 🙂

You Thought All Canadians Were Nice? Think About It For A Second.'