Chos Ransomware
The Chos Ransomware appears to be targeting Russian-speaking users and aiming to encrypt their data specifically. After being deployed to the compromised system, the threat will execute an encryption routine that will affect nearly all of the files found there. Users will be left completely locked out from accessing or using any of their images, pictures, documents, databases, archives and many other file types. The cybercriminals will exploit the locked files and try to extort the victim for money.
Other notable characteristics of the Chos Ransomware attack are the new file extensions appended to the original names of all locked files, a new wallpaper being set as the desktop background of the system and the creation of a text file named 'Chos.txt.' Indeed, each encrypted file will now have '.Chos' added to its name while the text file will contain a ransom note with instructions for the victim.
Demands Overview
The ransom note left by the Chos Ransomware is written in Russian entirely and doesn't contain any translations into other languages. It states that the encrypted data can be recovered but only via the decryption tool possessed by the cybercriminals. The hackers also warn that any attempts to use third-party decryption tools or services could leave the locked files completely unsalvageable. The note also features a countdown timer measuring the time affected users have to come to an agreement with the attackers. According to the note, after the allotted time is over, all encrypted files will be deleted. The only way to contact the hackers is through the Telegram account provided in the note.
The entire text of Chos Ransomware's message in its original Russian is:
'Все данные сервера зашифрованы! // Все данные компьютера зашифрованы!
03 дня 23:57:30 0109
После времени все файлы будут удалены
ВАШ 1W2C3B552
Теперь вам нужно заплатить, чтобы восстановить данные
После передачи денег вы получите декриптор
КОНТАКТЫ
TELEGRAM @comodosecunty
Любые попытки вернуть файлы чужими инструментами могут быть фатальными для ваших зашифрованных файлов! Большая часть сторонних инструментов изменяет данные внутри зашифрованного файла, чтобы восстановить его, но это приводит к повреждению файлов.
В итоге будет невозможно расшифровать файлы! Есть несколько шагов для простого восстановления ваших файлов, но если вы не следуете им, мы не сможем вам помочь!'
