CCHH Ransomware
The CCHH Ransomware is classified as a ransomware threat, which means that this piece of malware infiltrates the computer systems of its victims, encrypts the stored files by using strong encryption and then demands money for their restoration. According to cybersecurity experts who have analyzed the underlying code of the threat, the CCHH Ransomware is not a unique variant, and instead, it belongs to the GlobeImposter Ransomware family.
What sets the CCHH Ransomware apart is the specific ".CCHH" extension that it appends to the end of every successfully encrypted file. This means that if the file had an original name of "picture1.png," it will be renamed to "picture1.png.CCHH". A file named "Decryptin INFO.html" containing the text of the ransom note will be dropped by CCHH Ransomware in every folder with encrypted files in it.
The hackers want each of their victims to send a test file, either image or text, to prove that they can restore all of the affected files successfully. The exact ransom amount will be specified only after the decrypted file has been delivered. Two email addresses are mentioned in the note - chinarecoverycompany@cock.li and chinarecoverycompany@airmail.cc.
Victims of CCHH Ransomware are encouraged to stay calm and not follow through with the criminals' demands. Instead of sending any amount of money that may be used to fund the hacker group's future criminal activities, cybersecurity experts recommend cleaning the infected computer with a legitimate anti-malware software and either use a backup to restore the files or wait for a potential free decryptor to be released.
The full text of CCHH Ransomware's note is:
'ALL YOUR FILES AND IMPORTANT DATA ARE ENCRYPTED!
To recover data you need decryptor.
To get the decryptor you should:
Send 1 test image or text file chinarecoverycompany@cock.li or chinarecoverycompany@airmail.cc.
In the letter include your personal ID (look at the beginning of this document).
We will give you the decrypted file and assign the price for decryption all files
After we send you instruction how to pay for decrypt and after payment you will receive a decryptor and instructions We can decrypt one file in quality the evidence that we have the decoder.
Attention!
Only chinarecoverycompany@cock.li or chinarecoverycompany@airmail.cc can decrypt your files
Do not trust anyone chinarecoverycompany@cock.li or chinarecoverycompany@airmail.cc
Do not attempt to remove the program or run the anti-virus tools
Attempts to self-decrypting files will result in the loss of your data
Decoders other users are not compatible with your data, because each user's unique encryption key.'
