'corpseworm@protonmail.com' Ransomware
There are new ransomware threats uncovered by experts daily, and the trend does not seem to be dying down. An increasing number of cyber crooks are trying their luck with the creation and distribution of file-locking Trojans, as this can be an easy way to make some cash. Among the newest spotted ransomware threats is the 'corpseworm@protonmail.com' Ransomware. This ransomware threat is a new copy of the Cryakl Ransomware.
Propagation and Encryption
It is not known what the exact propagation methods, which are involved in the spreading of the 'corpseworm@protonmail.com' Ransomware are, but some believe that spam emails may be the infection vector responsible. These mass spam email campaigns usually involve a fake message attempting to convince the user to open a corrupted attached file. If the users fall for this and launch the attachment, the threat in question will compromise their system. There are other ways of distributing ransomware threats such as torrent trackers, bogus pirated copies of popular software services, and fake application updates, which also may be involved in the propagation of the 'corpseworm@protonmail.com' Ransomware. The 'corpseworm@protonmail.com' Ransomware is likely to target a very long list of file types that can be found on the system of every regular Internet user. This ensures that the ransomware threat will lock most, if not all data present on the system and thus make it more likely for the victim to pay up. The 'corpseworm@protonmail.com' Ransomware uses an encryption algorithm to lock the targeted data and applies a new extension to the affected files - '[CS 1.7.0.1][corpseworm@protonmail.com].<3 RANDOM CHARACTERS>.'
The Ransom Note
Then, the 'corpseworm@protonmail.com' Ransomware will drop its ransom note, which is named 'README.txt.' There is not an allusion to a specific ransom fee, so it is likely that this will be revealed to the victims after they get in touch with the attackers. The email address, which is provided by the attackers is ‘corpseworm@protonmail.com.’ It is interesting that the same email has been used in a campaign distributing the Paradise Ransomware.
It is never a wise move to contact cyber crooks as, usually, nothing good will come of it. These are individuals who lack scruples and will not hesitate to take your money even if they have no intent on helping you recover your files. This is why it is far safer to look into downloading and installing a legitimate anti-virus tool and using it to wipe off this nasty Trojan from your system. You also can try to use a third-party data-recovery application to recover some of the files affected by this file-locking Trojan.
