
CHRB Ransomware

The CHRB Ransomware is a dangerous variant from the Matrix Ransomware family. Although it doesn't deviate much from the typical Matrix threats, CHRB's destructive capabilities shouldn't be underestimated in the slightest. Once inside the user's computer system, the threat will engage an encryption algorithm that will render most of the files stored there both inaccessible and unusable. The hackers will then try to extort their victim in exchange for restoring the data to its original state.

When CHRB encrypts a file, it modifies that file's name significantly. The threat adds an email address, a random string, and a new file extension. The email address is 'RecoveryData1@cock.li' while the extension is '.CHRB.' Victims can find the ransom note of the threat inside a file named '!README_CHRB!.rtf.'
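A triage sketch built on the indicators described above, added here as an example and not taken from the original page or from any vendor tool: it flags paths that carry the '.CHRB' extension, the contact address, or the ransom note name, and groups the hits by directory. The page does not give the order or separators of the renamed file's parts, so each indicator is matched independently; the function names and the sample paths are constructed for illustration.

```python
import os

# Indicators taken from the description above, compared case-insensitively.
NOTE_NAME = "!readme_chrb!.rtf"
EXTENSION = ".chrb"
CONTACT = "recoverydata1@cock.li"

def classify(path):
    """Return the set of CHRB indicators that one file path matches."""
    name = os.path.basename(path).lower()
    hits = set()
    if name == NOTE_NAME:
        hits.add("ransom_note")
    if name.endswith(EXTENSION):
        hits.add("extension")
    if CONTACT in name:
        hits.add("contact_email")
    return hits

def triage(paths):
    """Group hits by directory: renamed-file count and ransom note presence."""
    report = {}
    for path in paths:
        hits = classify(path)
        if not hits:
            continue
        entry = report.setdefault(os.path.dirname(path),
                                  {"renamed": 0, "strong": 0, "note": False})
        if "ransom_note" in hits:
            entry["note"] = True
        if "extension" in hits:
            entry["renamed"] += 1
        # Extension plus contact address together is unlikely to be benign.
        if {"extension", "contact_email"} <= hits:
            entry["strong"] += 1
    return report

def scan(root):
    """Walk a directory tree (read-only) and triage every file name in it."""
    return triage(os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)

# Constructed sample paths; the layout of the renamed files is an assumption.
SAMPLE = [
    "/srv/share/RecoveryData1@cock.li.k3Xq9a.CHRB",
    "/srv/share/RecoveryData1@cock.li.Zt81Lm.CHRB",
    "/srv/share/!README_CHRB!.rtf",
    "/srv/share/budget.xlsx",
    "/home/dev/firmware.chrb",
]

if __name__ == "__main__":
    for directory, entry in triage(SAMPLE).items():
        print(directory, entry)
```

A directory with a non-zero "strong" count and a ransom note is the clearest sign of this variant; an extension-only hit such as the last sample path deserves a manual look before it is treated as an infection.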

CHRB Ransomware's Demands

The ransom message doesn't contain information about the actual sum of the ransom or if the money must be transmitted using one of the popular cryptocurrencies. The hackers do clarify, however, that the malware employs a combination of the AES-128 and RSA-2048 algorithms for its encryption. To get additional details, victims are told to send a message to all three of the email addresses mentioned in the note - 'RecoveryData1@cock.li,' 'RecoveryData1@protonmail.com,' and 'RecoveryData1@protonmail.com.' As part of the initial message, users can attach up to 3 locked files. The hackers will then supposedly unlock and send them back for free. The files must not contain any important data or exceed 5MB in total size.

The full text of the ransom note is:

'HOW TO RECOVER YOUR FILES INSTRUCTION
ATENTION!!!
We are realy sorry to inform you that ALL YOUR FILES WERE ENCRYPTED
by our automatic software. It became possible because of bad server security.

ATENTION!!!
Please don't worry, we can help you to RESTORE your server to original
state and decrypt all your files quickly and safely!

INFORMATION!!!
Files are not broken!!!
Files were encrypted with AES-128+RSA-2048 crypto algorithms.
There is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server.Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!

Please note that you can recover files only with your unique decryption key, which stored on our server.

HOW TO RECOVER FILES???
Please write us to the e-mail (write on English or use professional translator):
RecoveryData1@cock.li
RecoveryData1@protonmail.com
RecoveryData1@protonmail.com
You have to send your message on each of our 3 emails due to the fact that the message may not reach their intended recipient for a variety of reasons!

In subject line write your personal ID:

We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files.Please note that files must not contain any valuable information and their total size must be less than 5Mb.

OUR ADVICE!!!
Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.
'
