
Cassetto Ransomware

By GoldSparrow in Ransomware

The Cassetto Ransomware is an encryption ransomware Trojan that was first observed in the last week of August 2018. There is little difference between the Cassetto Ransomware and the many other encryption ransomware Trojans that are active today.

How the Cassetto Ransomware Attack Works

The Cassetto Ransomware, like most other encryption ransomware Trojans, is designed to take the victim's files hostage, using AES encryption to make them inaccessible. It targets user-generated files, which may include media files, databases, and numerous documents. The Cassetto Ransomware encrypts a wide variety of file types, including the following:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .ra.

The decryption key the victims need to restore the affected files is stored on the Cassetto Ransomware's Command and Control servers, making it impossible for the victim to recover the affected files without it. The Cassetto Ransomware attack compromises the files and marks them with the file extension '.cassetto,' added to the file's name.

The Cassetto Ransomware’s Ransom Note

The Cassetto Ransomware delivers a ransom note titled 'IMPORTANT ABOUT DECRYPT.txt,' which contains a ransom payment demand for the victim. The Cassetto Ransomware urges the victim to contact the criminals via email and delivers the following ransom payment notification:

'WARNING!! YOU ARE SO F*UCKED!!!
Your Files Has Encrypted
What happened to your files?
All of your files were protected by a strong encryptation
There is no way to decrypt your files without the key.
If your files not important for you just reinstall your system.
If your files is important just email us to discuss the price and how to decrypt your files.
You can email us to omg-help-me@openmailbox.org
We accept just BITCOIN if you don´t know what it is just google it.
We will give instructions where and how you buy bitcoin in your country.
Price depends on how important your files and network is.
It could be 0.5 bitcoin to 25 bitcoin.
You can send us a encrypted file for decryption.
Fell free to email us with your country, computer name and username of the infected system.'

Security experts advise against contacting the criminals or attempting to pay the Cassetto Ransomware ransom.

Protecting Your Data from the Cassetto Ransomware

The best protection against threats like the Cassetto Ransomware is to have the means to recover your data without having to contact the criminals or negotiate a payment, which means having file backups. Apart from file backups, security researchers advise computer users to use a security suite to protect their data from these troublesome attacks.
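Before restoring from backups, it helps to know which folders were hit. The following triage scanner is an added example, not part of the original article; it looks for the two indicators named above, the appended '.cassetto' extension and the 'IMPORTANT ABOUT DECRYPT.txt' note. It assumes the marker is appended after the original extension (for example report.docx.cassetto), and the sample file names are constructed for the demonstration.

```python
import tempfile
from collections import Counter
from os import walk
from pathlib import Path

MARKER_EXT = ".cassetto"                     # extension named on this page
NOTE_NAME = "IMPORTANT ABOUT DECRYPT.txt"    # ransom note name from this page

def scan(root):
    """Walk root and collect Cassetto indicators, counted per directory."""
    encrypted, notes = [], []
    by_dir = Counter()                       # encrypted-file count per folder
    for dirpath, _dirs, files in walk(root):
        for name in files:
            lower = name.lower()             # Windows file names are case-insensitive
            if lower == NOTE_NAME.lower():
                notes.append(Path(dirpath) / name)
            elif lower.endswith(MARKER_EXT) and len(lower) > len(MARKER_EXT):
                encrypted.append(Path(dirpath) / name)
                by_dir[dirpath] += 1
    return {"encrypted": encrypted, "notes": notes, "by_dir": by_dir}

def original_name(path):
    """Name to look for in backups: report.docx.cassetto -> report.docx."""
    return Path(path).name[: -len(MARKER_EXT)]

def build_sample_tree(base):
    """Constructed sample data: empty files with invented names."""
    layout = {
        "docs": ["report.docx.cassetto", "budget.xlsx.cassetto", NOTE_NAME],
        "photos": ["trip.JPG.CASSETTO", "untouched.png"],
        "tools": ["cassetto_notes.md"],      # mentions the word, must not match
    }
    for folder, names in layout.items():
        d = Path(base) / folder
        d.mkdir(parents=True)
        for n in names:
            (d / n).touch()
    return base

def demo():
    """Scan the constructed tree; return (encrypted count, note count, names)."""
    with tempfile.TemporaryDirectory() as tmp:
        result = scan(build_sample_tree(tmp))
        names = sorted(original_name(p) for p in result["encrypted"])
        return len(result["encrypted"]), len(result["notes"]), names

if __name__ == "__main__":
    print(demo())
```

Run scan() against a mounted copy of the affected volume rather than the live system, and use the per-directory counts to decide which backup sets to restore.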
