CoderWare Ransomware

CoderWare Ransomware Description

The CoderWare Ransomware is a potent malware threat that aims to extort money from its victims after locking up their computer files with uncrackable encryption. So far, CoderWare has not been classified as part of any of the already established ransomware families, and as a result, it can be considered as a unique crypto locker threat.

When CoderWare encrypts a file, it appends '.DEMON' as a new extension to the file's original name. The threat then delivers a ransom note with instructions from the hackers both as text files and displayed in a pop-up window. The text files are named 'README.txt' and will be dropped in every folder that contains the encrypted data. The text from the pop-up window and in the text files is identical.

According to the note, the cybercriminals responsible for unleashing the CoderWare Ransomware want to be paid $1000 in exchange for the restoration of the encrypted user files. The transaction must be completed using the Bitcoin cryptocurrency with the money being sent to the provided wallet address. When the victims transfer the sum, they are expected to reach out to the hackers by using the 'tuhafcoderus@protonmail.com' email address. Two additional communication channels also are provided - the @Codersan telegram account and the WhatsApp number +63 997 401 3126.

CoderWare threatens its victims that if 10 hours elapse without the ransom being paid, the hackers will either delete the decryption keys or the encrypted files. A countdown timer ticking down from 10 hours will be displayed in the bottom section of the pop-up window generated by the threat.

The full text of CoderWare's ransom note is:

'hey Down!

Seems like you got hit by the CoderWare Ransomware!

warning: take a screenshot of this place. If you lose the information here, you'll never get to us. and it would be impossible to get your dosys

Don't Panic, you get have your files back!

CoderWare uses a basic encryption script to lock your files.This type of ransomware is known as CRYPTO.

You'll need a decryption key in order to unlock your files.

Your files will be deleted when the timer runs out, so you better hurry.You have 10 hours to find your key

When you pay >>> 1000$ <<< to the Bitcoin address below,

you will need to send a single as proof to our email address,

and if the receipt is correct, your code to decrypt our files to your email address. It will be sent back to you via email. 

But you have to be quick for that. Because you have 10 hours. If you do not pay within 10 hours, your files will be permanently deleted.

And it would be out of reach again. If you don't know how to get bitcoin.

hxxps://buy.moonpay.io

can quickly get your credit or debit card online from the website.

Please type the bitcoin address shown on the screen in the wallet field on the website. If you try to shut it down by force,

you'll lose your dosys. because if you lose your bitcoin address,

you won't be able to pay. and you'll never get your files back.

email: tuhafcoderus@protonmail.com

bitcion Adress : 336Fvf8fRrpySwq8gsaWdf7gfuGm5FQi8K

telegram : @Codersan

whatsap: +63 997 401 3126.'

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.