
COLORIT Ransomware

By GoldSparrow in Ransomware

The COLORIT Ransomware is a generic encryption Trojan that computer security researchers reported on April 22nd, 2019. Security reports suggest that the COLORIT Ransomware is based on the Dharma Ransomware and the Crysis Ransomware. The COLORIT Ransomware is likely to encipher data on systems where users open email attachments from untrusted senders. The malware is known for running from the Temp directory and using the names of legitimate programs to disguise its process. PC users are advised to avoid emails from unknown accounts and to ignore advertisements on controversial topics, as they are likely to lead to corrupted Web pages. The threat actors behind the COLORIT Ransomware have configured it to encipher general data types and append the '.COLORIT' extension. For example, 'Gullfoss Falls.jpeg' is renamed to 'Gullfoss Falls.jpeg.COLORIT'. The COLORIT Ransomware writes a file called 'How Recovery Files.txt' to the Desktop and Documents folders, containing the following notification:

'Hello, dear friend!
All your files have been ENCRYPTED
Do you really want to restore your files?
Write to our email -
and tell us your unique ID - ID_[10 RANDOM CHARS]'
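The file-system and process indicators described above (the '.COLORIT' suffix appended to the original filename, the 'How Recovery Files.txt' note dropped in Desktop and Documents, and an executable running from the Temp directory under a legitimate program's name) can be turned into a small triage check. The following Python script is an added example and not part of the original report; the directory listing and process snapshot it scans are constructed sample data, and the legitimate executable names in the process sample are illustrative choices, since the report does not name any.

```python
"""Triage helper for COLORIT Ransomware artefacts on a host.

Added example, not code from the original report. It checks three indicators
the report describes: the '.COLORIT' extension, the ransom note filename, and
a process image running from a Temp directory.
"""
from pathlib import PureWindowsPath

# Indicators taken from the report above.
COLORIT_EXTENSION = ".COLORIT"
RANSOM_NOTE_NAME = "How Recovery Files.txt"

# Constructed directory listing standing in for a scan of a Windows user profile
# (sample data, not taken from a real infection).
SAMPLE_LISTING = [
    r"C:\Users\alice\Pictures\Gullfoss Falls.jpeg.COLORIT",
    r"C:\Users\alice\Documents\budget.xlsx.COLORIT",
    r"C:\Users\alice\Documents\How Recovery Files.txt",
    r"C:\Users\alice\Desktop\How Recovery Files.txt",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Downloads\colorit-notes.txt",  # mentions the name but is not an indicator
]

# Constructed process snapshot as (process name, image path). The executable
# names are common Windows binaries chosen for the example; the report names none.
SAMPLE_PROCESSES = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("svchost.exe", r"C:\Users\alice\AppData\Local\Temp\svchost.exe"),
    ("explorer.exe", r"C:\Windows\explorer.exe"),
]

# Path fragments that mark a temporary directory (matched case-insensitively).
TEMP_MARKERS = ("\\Temp\\", "\\tmp\\")


def original_name(path):
    """Return the pre-encryption filename if the path carries the .COLORIT suffix, else None."""
    name = PureWindowsPath(path).name
    if name.endswith(COLORIT_EXTENSION) and len(name) > len(COLORIT_EXTENSION):
        return name[: -len(COLORIT_EXTENSION)]
    return None


def is_ransom_note(path):
    """True when the filename matches the note the report says is dropped on disk."""
    return PureWindowsPath(path).name == RANSOM_NOTE_NAME


def runs_from_temp(image_path):
    """True when a process image lives under a temporary directory."""
    lowered = image_path.lower()
    return any(marker.lower() in lowered for marker in TEMP_MARKERS)


def triage(listing, processes):
    """Collect encrypted files (mapped to their original names), notes and suspicious processes."""
    encrypted = {}
    notes = []
    for path in listing:
        orig = original_name(path)
        if orig is not None:
            encrypted[path] = orig
        elif is_ransom_note(path):
            notes.append(path)
    suspicious = [(name, image) for name, image in processes if runs_from_temp(image)]
    return {"encrypted": encrypted, "notes": notes, "suspicious_processes": suspicious}


if __name__ == "__main__":
    result = triage(SAMPLE_LISTING, SAMPLE_PROCESSES)
    for path, orig in result["encrypted"].items():
        print(f"encrypted: {path} (was {orig})")
    for path in result["notes"]:
        print(f"ransom note: {path}")
    for name, image in result["suspicious_processes"]:
        print(f"process from Temp: {name} at {image}")
```

The extension check is deliberately case-sensitive and anchored to the end of the filename, so a file that merely contains the word is not flagged; the Temp check alone is a heuristic, so a hit there is a lead for an analyst to confirm against the binary's signature and hash rather than a verdict on its own.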

Some researchers noticed that the ransom notification shown above is identical to the one used by the Sorry HT Ransomware, which belongs to a separate ransomware family. The Sorry HT Ransomware is based on the HiddenTear open-source ransomware, and it is possible that both Trojans are made by the same team. Many ransomware developers offer access to their ransomware builder for a subscription fee, a practice called Ransomware-as-a-Service (a.k.a. RaaS). The people behind the COLORIT Ransomware may be using a RaaS based on Dharma and Crysis to expand their operations, or they may have merged into a more successful threat group. The ransom may be split between those who distribute the COLORIT Ransomware and those who create the ransomware builder.

Compromised users may be directed to pay $300 or more for a decoder. PC users are not likely to receive a decoder, and restoring from data backups is the safer option. Paying money to the cybercriminals is never a good idea. You can remove traces of the COLORIT Ransomware using a reputable security product.

