
CryptConsole Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 10 % (Normal)
Infected Computers: 231
First Seen: January 27, 2017
Last Seen: April 7, 2023
OS(es) Affected: Windows

The CryptConsole v3 Ransomware is an encryption ransomware Trojan, a variant of a ransomware Trojan of the same name that was released in January 2017. The CryptConsole v3 Ransomware attacks were observed in June 2018, and there do not seem to be substantial differences between the CryptConsole v3 Ransomware and its predecessor. Like most encryption ransomware Trojans, the CryptConsole v3 Ransomware uses AES and RSA encryption to make the victim's files inaccessible, essentially taking them hostage. It then demands a ransom payment from the victim in exchange for the decryption key necessary to restore the affected files. The best protection against threats like the CryptConsole v3 Ransomware is to have file backups stored in the cloud or on an external memory device.

How the CryptConsole v3 Ransomware Attacks Your Files

The CryptConsole v3 Ransomware's main purpose is to make the victim's files inaccessible. It scans the victim's computer for files with certain file extensions and encrypts them, then appends a new file extension to each affected file's name to mark it as taken hostage. The following strings have been associated with the CryptConsole v3 Ransomware variants: '.heineken@tuta.io_[hex code]', '.sequre@tuta.io_[hex code]', and '.sequre@tuta.io_[random characters]'. The CryptConsole v3 Ransomware targets user-generated files, which may include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
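
The appended markers listed above can be used to scope an incident from a file listing. The following is an added example, not code from the original write-up: it parses Windows paths for the two marker strings, recovers the original file name, and counts marked files per directory. The suffix length is not documented on this page, so accepting any run of letters and digits is an assumption, and the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Markers quoted in the write-up: '.<contact address>_<suffix>' appended to the name.
# Suffix length is not documented, so any run of letters/digits is accepted (assumption).
MARKER_RE = re.compile(
    r"^(?P<original>.+)\.(?P<contact>heineken@tuta\.io|sequre@tuta\.io)"
    r"_(?P<suffix>[0-9A-Za-z]+)$",
    re.IGNORECASE,
)
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")

def parse_marked_name(path):
    """Return (original_name, contact, suffix, suffix_is_hex) or None if unmarked."""
    m = MARKER_RE.match(PureWindowsPath(path).name)
    if m is None:
        return None
    suffix = m.group("suffix")
    return (m.group("original"), m.group("contact").lower(), suffix,
            bool(HEX_RE.match(suffix)))

def summarize(paths):
    """Count marked files per directory and collect the distinct suffixes seen."""
    per_dir, suffixes = Counter(), set()
    for p in paths:
        parsed = parse_marked_name(p)
        if parsed:
            per_dir[str(PureWindowsPath(p).parent)] += 1
            suffixes.add(parsed[2])
    return per_dir, suffixes

# Constructed sample paths (not taken from a real incident).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.sequre@tuta.io_4F2A9C01",
    r"C:\Users\alice\Documents\plan.docx.sequre@tuta.io_4F2A9C01",
    r"C:\Users\alice\Pictures\trip.jpg.heineken@tuta.io_Zq81kP",
    r"C:\Users\alice\Documents\mail to sequre@tuta.io.txt",  # mentions address, not marked
    r"C:\Users\alice\Desktop\README.txt",
]

if __name__ == "__main__":
    per_dir, suffixes = summarize(SAMPLE_PATHS)
    for directory, count in per_dir.most_common():
        print(f"{count:3d} marked file(s) in {directory}")
    print("suffixes:", sorted(suffixes))
```

Feeding it a recursive listing from each affected host shows which directories were reached and whether more than one suffix is present.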

The CryptConsole v3 Ransomware’s Ransom Demand

The CryptConsole v3 Ransomware will deliver a ransom note to its victims. The CryptConsole v3 Ransomware's ransom demand takes the form of a text file named 'README.txt' that is dropped on the infected computer's desktop. The text of the CryptConsole v3 Ransomware ransom note reads:

'Your files are encrypted!
YOUR PERSONAL ID
--------------------
[random characters]
--------------------
Discovered a serious vulnerability in your network security.
No data was stolen and no one will be able to do it while they are encrypted.
For you, we have automatic decryptor and instructions for remediation.
You will receive automatic decryptor, and all files will be restored
--------------------
To be sure in getting the decryption, you can send one file (less than 10MB) to sequre@tuta.io. In the letter inside include your personal ID (look at the beginning of the document). But this action will increase the cost of the automatic decryptor on 50 USD...
Attention!
Attempts to self-decrypting the files will result in the loss of your data.
Decoders other users are not compatible with your data, because each user's unique encryption key.'

Protecting Your Data from Threats Like the CryptConsole v3 Ransomware

The best protection against threats like the CryptConsole v3 Ransomware is to have file backups stored in the cloud or on an external memory device. Having file backups ensures that you can restore your files after an attack without having to contact the criminals or pay any ransom. Apart from file backups, malware researchers advise computer users to have a strong, fully updated anti-malware program installed on their computers, which can be used to intercept threats like the CryptConsole v3 Ransomware.
