
Chekyshka Ransomware

By GoldSparrow in Ransomware

The Chekyshka Ransomware uses the AES cipher and demands money in return for decrypting the files it encrypts during an attack. It usually adds a ".chekyshka" extension to each file it encrypts. The associated ransom note is usually named "!!!CHEKYSHKA_DECRYPT_README.TXT" and is created in every folder containing encrypted files. The ransom amount is usually $1200, to be paid via Bitcoin.

How the Chekyshka Ransomware Spreads

The Chekyshka Ransomware uses the AES cipher to encrypt user files. It was first reported in June of 2019 and works like most ransomware. It is spread by various methods, including spam email, torrents, and infected direct downloads from spoofed sites. It can also be spread through macros embedded in documents.

Sample Ransom Note
'All your files have been encrypted.
Your unique id: A0244D50B9034A419856CADBEE5DF40D
You can buy decryption for 1200$ in Bitcoins.
But before you pay, you can make sure that we can really decrypt any of your files.
The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.
To do this:
1) Download and install Tor Browser ( https://www.torproject.org/download/ )
2) Open the y7c5bdswtvcfbb2c6waotudyrwhvetxt5xzdkq5hyxnd7clpc3dernqd.onion web page in the Tor Browser and follow the instructions.'
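
The indicators described above (the ".chekyshka" extension, the note file name, and the "Your unique id" line in the sample note) are enough to scope which folders were hit. The following Python triage script is an added example, not part of the original article; the 32-character hex ID pattern is an assumption drawn from the single sample note, and the sample tree and ID are constructed.

```python
import os
import re
import tempfile

# Indicators from the article text; the 32-hex ID format is assumed from the sample note.
ENCRYPTED_EXT = ".chekyshka"
NOTE_NAME = "!!!CHEKYSHKA_DECRYPT_README.TXT"
ID_RE = re.compile(r"Your unique id:\s*([0-9A-Fa-f]{32})")

def read_victim_id(note_path):
    """Return the victim ID found in a ransom note, or None if absent/unreadable."""
    try:
        with open(note_path, "r", encoding="utf-8", errors="replace") as fh:
            match = ID_RE.search(fh.read(4096))  # notes are short; cap the read
    except OSError:
        return None
    return match.group(1).upper() if match else None

def scan_tree(root):
    """Walk root and record, per directory, encrypted files and ransom notes."""
    report = {"dirs": {}, "victim_ids": set(), "encrypted_total": 0}
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        encrypted = [f for f in filenames if f.lower().endswith(ENCRYPTED_EXT)]
        notes = [f for f in filenames if f.upper() == NOTE_NAME]
        if not encrypted and not notes:
            continue  # directory shows neither indicator
        report["dirs"][dirpath] = {"encrypted": sorted(encrypted), "note": bool(notes)}
        report["encrypted_total"] += len(encrypted)
        for note in notes:
            vid = read_victim_id(os.path.join(dirpath, note))
            if vid:
                report["victim_ids"].add(vid)
    return report

def build_sample_tree(root):
    """Constructed sample data: one affected folder and one clean (empty) folder."""
    hit, clean = os.path.join(root, "docs"), os.path.join(root, "photos")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("budget.xlsx.chekyshka", "notes.txt.chekyshka"):
        open(os.path.join(hit, name), "wb").close()
    with open(os.path.join(hit, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("Your unique id: 0123456789ABCDEF0123456789ABCDEF\n")  # constructed ID
    return hit, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_tree(tmp))
```

The script only reads directory listings and the note file, so it can be run against a mounted forensic image or a restored backup to confirm the backup predates the encryption.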

Protecting Yourself from the Chekyshka Ransomware

There are many ways to protect yourself from malware and ransomware. However, there is always a chance that something gets through your protective measures and manages to infect your system. This is why it is important that all your files are backed up regularly. If you work with files that would be disastrous to lose, you should always have a second backup in the cloud, or on a physical drive that is not in the same place as your system. Always make sure you know who or where you are downloading files from. Even if a file is attached to an email from someone you know, always make sure that the address matches exactly and that the attachment makes sense in the context of the email. Sometimes, an infected system can attach files to emails without the sender ever realizing it. Malware can also be added to torrents. Never download torrents from unknown sources or run any executable files they may contain.

The best thing you can do to protect yourself is to use good third-party anti-virus software and keep it updated regularly. Virus definitions are how the software knows what to look for and how to protect against each threat. Once the software is installed, turn on auto-updates for it.

My Device has been Infected. What Do I Do Now?

There are numerous ways to remove malware from your system. However, no removal tool or manual removal method is ever going to be 100% effective. Your best course of action is to format your hard drive and start over from a clean backup. If you don't have a backup, it's still important to format your storage to make sure all traces of the malware are removed. While most ransomware makes it impossible to recover files, a few tools are available that purport to be able to decrypt files encrypted by the Chekyshka Ransomware. You can find these tools using a simple Google search, but always make sure that any tool you download from the Internet comes from a reputable anti-virus company. Installing software that can modify or delete files can add more malware to your system.

NEVER pay any ransom or try to communicate with attackers. There is very little chance that any attacker will help you recover your data. Most attackers continue to ask for more money or disappear if you pay them money.
