Colecyrus@mail.com Ransomware
The Colecyrus@mail.com Ransomware is an encryption ransomware Trojan that was first observed on October 25, 2017. The Colecyrus@mail.com Ransomware's main purpose is to take the victims' files hostage, demanding that the victim's contact the people responsible for the Colecyrus@mail.com Ransomware through their email address to pay a ransom amount in exchange for the decryption program. The Colecyrus@mail.com Ransomware, like other encryption ransomware Trojans, uses the AES 256 encryption to make the victim's files inaccessible. The Colecyrus@mail.com Ransomware delivers its ransom note in a text file dropped on the infected computer's desktop. This file, named 'Readme.txt' demands a ransom payment from the victim. Threats like the Colecyrus@mail.com Ransomware are commonly delivered through corrupted email attachments that are disguised as legitimate messages from PayPal, Amazon, or other legitimate senders. These emails may use bad macro scripts to download and install the Colecyrus@mail.com Ransomware on the victim's computer. This is why PC security researchers advise computer users to disable macro scripts on their Microsoft Office suite (since Microsoft Word documents are a common source of these attacks).
Table of Contents
How the Colecyrus@mail.com Ransomware Attacks a Computer
After installing the Colecyrus@mail.com Ransomware on the computers by opening a compromised file with corrupted macro scripts, the victim's files will be encrypted. The Colecyrus@mail.com Ransomware targets the user-generated files while avoiding Windows system files (since these threats need Windows to remain functional so that the victim can read the ransom note and make the payment). Some of the file types that are typically targeted in attacks like the Colecyrus@mail.com Ransomware include:
.aif, .apk, .arj, .asp, .bat, .bin, .cab, .cda, .cer, .cfg, .cfm, .cpl, .css, .csv, .cur, .dat, .deb, .dmg, .dmp, .doc, .docx, .drv, .gif, .htm, .html, .icns, .iso, .jar, .jpeg, .jpg, .jsp, .log, .mid, .mp3, .mp4, .mpa, .odp, .ods, .odt, .ogg,.part, .pdf, .php, .pkg, .png, .ppt, .pptx, .psd, .rar, .rpm, .rss, .rtf, .sql, .svg, .tar.gz, .tex, .tif, .tiff, .toast, .txt, .vcd, .wav, .wks, .wma, .wpd, .wpl, .wps, .wsf, .xlr, .xls, .xlsx, .zip.
The Colecyrus@mail.com Ransomware delivers the decryption key to its Command and Control server, making it impractical to recover the files that have been encrypted by the Colecyrus@mail.com Ransomware attack without the decryption key. The Colecyrus@mail.com Ransomware marks the files encrypted by its infection with the file extension '.colecyrus@mail.com.b007' added to the end of each affected file's name.
The Colecyrus@mail.com Ransomware’s Ransom Note
The Colecyrus@mail.com Ransomware will deliver a ransom note after encrypting the victim's files. The text of the Colecyrus@mail.com Ransomware's ransom note reads:
'Access to your files was limited.
To return your files, you have 72 hours. Write to us.
Our contacts.
Our email: colecyrus@mail.com
ATTENTION. To email (colecyrus@mail.com) write messages only from these e-mail services. From other email services, messages may not be received by us.
Yahoo. https://mail.yahoo.com
Gmail. https://www.google.com
Mail. https://www.mail.com
ATTENTION. We will reply you within 24 hours. If there is no response from us, please send your message again.
Tor email: colecyrus@torbox3uiot6wchz.onion
To register tor e-mail, use the service http://torbox3uiot6wchz.onion
This link opens in tor browser. Link to tor browser https://www.torproject.org/
Send us 3 encrypted files, each no more than 2 MB (only pictures, text documents or shortcuts).
We will decrypt them to you for free, to confirm that we can help you.
Together with the decrypted files you will receive further instructions.
YOUR KEY.
[260 RANDOM CHARCTERS]'
Computer users that do not follow the instructions in the Colecyrus@mail.com Ransomware's ransom note are making the right decision. Even if these people help you recover your files, paying the Colecyrus@mail.com Ransomware ransom amount allows them to continue creating and distributing their threats. It also makes you a target for future attacks from the same group. In most cases, however, the con artists will ignore the payments entirely or keep asking for more money from the victim. Instead, it is recommended to restore the affected files from a backup copy in the cloud or another safe place.
SpyHunter Detects & Remove Colecyrus@mail.com Ransomware
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | file.exe | 95f769fb6170382e07ebd2ff21c17c6c | 0 |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.