CryptConsole Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 10 % (Normal) |
Infected Computers: | 231 |
First Seen: | January 27, 2017 |
Last Seen: | April 7, 2023 |
OS(es) Affected: | Windows |
The CryptConsole v3 Ransomware is an encryption ransomware Trojan that is a variant of a ransomware Trojan with the same name that was released in January 2017. The CryptConsole v3 Ransomware attacks were observed in June 2018, and there do not seem to be substantial differences between the CryptConsole v3 Ransomware and its predecessor. The CryptConsole v3 Ransomware, like most encryption ransomware Trojans, uses the AES and RSA encryptions to make the victim's files inaccessible, essentially taking them hostage. The CryptConsole v3 Ransomware will then demand a ransom payment from the victim in exchange for the decryption key necessary to restore the affected files. The best protection against threats like the CryptConsole v3 Ransomware is to have file backups stored on the cloud or an external memory device.
Table of Contents
How the CryptConsole v3 Ransomware Attacks Your Files
The CryptConsole v3 Ransomware's main purpose is to make the victim's files inaccessible. The CryptConsole v3 Ransomware will scan the victim's computer for files with certain file extensions and encrypt them, adding a new file extension to the compromised files to identify which files have been taken hostage. The following strings have been associated with the CryptConsole v3 Ransomware variants: '.heineken@tuta.io_[hex code],' '.sequre@tuta.io_[hex code],' and '.sequre@tuta.io_[random characters],' which it will add to the end of the affected file's names. The CryptConsole v3 Ransomware will target the user-generated files, which may include:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The CryptConsole v3 Ransomware’s Ransom Demand
The CryptConsole v3 Ransomware will deliver a ransom note to its victims. The CryptConsole v3 Ransomware's ransom demand takes the form of a text file named 'README.txt' that is dropped on the infected computer's desktop. The text of the CryptConsole v3 Ransomware ransom note reads:
'Your files are encrypted!
YOUR PERSONAL ID
--------------------
[random characters]
--------------------
Discovered a serious vulnerability in your network security.
No data was stolen and no one will e able to do it while they are encrypted.
For you, we have automatic decryptor and instructions for remediation.
You will receive automatic decryptor, and all files will be restored
--------------------
To be sure in getting the decryption, you can send one file (less than 10MB) to sequre@tuta.io. In the letter inside include your personal ID (look at he beginning of the document). But this action will increase the cost of the automatic decryptor on 50 USD...
Attention!
Attempts to self-decrypting the files will result in the loss of your data.
Decoders other users are not compatible with your data, because each user';s unique encryption key.'
Protecting Your Data from Threats Like the CryptConsole v3 Ransomware
The best protection against threats like the CryptConsole v3 Ransomware is to have file backups stored on the cloud or an external memory device. Having file backups ensures that you can restore your files after an attack without having to contact the criminals or pay any ransom. Apart from file backups, malware researchers advise computer users to have a strong anti-malware program that is fully updated installed on their computers, which can be used to intercept threats like the CryptConsole v3 Ransomware.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.