
Cs16 Ransomware

By CagedTech in Ransomware

The CS16 Ransomware is a data-locking Trojan belonging to the "Cryakl" family of ransomware. Data-locking malware encrypts a user's files and makes them unusable; the attacker then demands a ransom, usually in cryptocurrency, in return for the decryption key. Paying offers no guarantee that the attackers will deliver a working decryptor. The CS16 Ransomware marks encrypted files by appending the string "email-3nity@tuta.io.ver-CS 1.6.-..cs16" to the end of the file name, so every encrypted file's name ends in that string. It also drops a ransom note, sometimes named "_open_.txt". Note that the contact address embedded in the file-name marker (3nity@tuta.io) differs from the addresses in the sample note below (merosa@india.com and merosa@firemail.cc); all of these strings are useful indicators when searching file systems, mailboxes and proxy logs. The CS16 Ransomware does not appear to target any specific geographical region or group of people.

How the CS16 Ransomware Attack Works

The CS16 Ransomware spreads in the same ways as most other ransomware: spam email attachments, infected downloads and corrupted torrents. It runs either when the victim opens the infected executable directly or, when it is hidden inside an MS Office document, through a macro that launches once the victim enables content. Once running, the CS16 Ransomware can establish persistence in the Windows Registry. It can modify the Winlogon Shell value, "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", whose default is explorer.exe, and it can add an entry under "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" that launches a copy of the malware placed in the "%AppData%" directory. Either change causes the malicious code to run again at every logon, so the infection survives a reboot.
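The two persistence locations named above are quick to audit. The following script is an added example written for this page, not code from the original article or from any vendor tool. It assumes (these are not from the article) that explorer.exe is the only legitimate Winlogon Shell value on the host and that any Run entry whose command lives under an AppData directory deserves a look; the HKCU key is checked only for the user running the script.

```powershell
# Added example: audit Winlogon\Shell and the Run keys for the persistence
# technique described in the article. Run from an elevated PowerShell session
# on the suspect host. Nothing is modified; findings are printed as a table.
# Assumptions (not from the article): explorer.exe is the only legitimate Shell
# value, and Run entries launching from %AppData% / %LocalAppData% are suspicious.

$findings = @()

# 1. Winlogon\Shell: the default is "explorer.exe". Ransomware may replace it or
#    append its own binary ("explorer.exe,C:\...\payload.exe").
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'explorer.exe') {
    $findings += [pscustomobject]@{
        Location = "$winlogon\Shell"; Name = 'Shell'; Value = $shell
        Reason   = 'Non-default Winlogon shell'
    }
}

# 2. Run keys (machine-wide, 32-bit view, and current user): flag commands
#    that resolve into an AppData directory, quoted or not.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Properties the registry provider adds to every Get-ItemProperty result; not real values.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        # Expand %AppData%-style variables so a disguised path is compared in its resolved form.
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        if ($cmd -match '(?i)\\AppData\\') {
            $findings += [pscustomobject]@{
                Location = $key; Name = $p.Name; Value = $p.Value
                Reason   = 'Run entry launches from an AppData directory'
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No suspicious Winlogon\Shell or Run entries found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Some legitimate software (updaters, chat clients) also starts from AppData, so a hit is a lead to verify (check the file's signature and hash), not proof of infection. To cover other users' profiles, load each NTUSER.DAT hive with reg.exe and check its Run key the same way.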

Sample Ransom Note
'ATTENTION!
Don’t worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-mlQvroK6UO
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
merosa@india.com
Reserve e-mail address to contact us:
merosa@firemail.cc'

Protecting Yourself from the CS16 Ransomware

The first step, if you have not already taken it, is to install reputable anti-virus software and keep it updated. Modern versions of Windows ship with built-in anti-malware protection (Microsoft Defender), but it is up to you to keep it and the operating system patched. If your operating system is pirated, replace it with a licensed copy so that you actually receive security updates. Only download files from sources you know, whether from a website or an email attachment. Even when an attachment arrives from an acquaintance, check that the sender address exactly matches the one you know, and be suspicious of any document that asks you to "enable content" or enable macros. Even a genuine email can carry an infected attachment if the sender's own machine or account has been compromised.

What can you do if you cannot trust every file you download? First and foremost: back up your data regularly. Then, even if malware gets through despite your best efforts, you will still be able to recover most of your data. Keep at least one copy of important or sensitive files off site or in the cloud, and make sure that copy is not permanently mounted on or synchronised from the machine you work on: ransomware encrypts any drive it can write to, and a sync client will faithfully upload the encrypted versions over the good ones. Prefer offline media or a backup service that keeps file versions, and periodically test that you can actually restore from it.
Malware can also be hidden inside a torrent. Never download torrents from unknown sources or run any executable files they contain, and never do so on computers holding sensitive or important data.

My Device Has Been Infected. What Do I Do Now?

Isolate the machine from the network first, so that the malware cannot reach shared drives or other hosts, then locate the encrypted files and the ransom note, but do not delete them: the encrypted copies are the only thing a future decryptor could work on, and the note and the file-name marker are what identify the variant. Many tools claim to remove malware or even to recover encrypted files; removal is realistic, but recovery usually is not, because the files are encrypted with a secret key that never leaves the attackers' hands. The exception is when a family's implementation is flawed or its keys are leaked, so check the No More Ransom project for a published decryptor before considering anything else. Paying the ransom or contacting the attackers carries a real risk of further demands or of the attackers simply disappearing, and payment is no guarantee that your data will be restored.
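The indicators from the description at the top of the page (the file-name marker and the "_open_.txt" note) are enough to inventory the damage without touching the files. The script below is an added example for this page, not code from the original article or from any vendor; the marker strings come from the article, while the scan roots, the report path and the idea of hashing the note are assumptions made here. It writes a CSV of affected paths and reports the window in which files were last written, which usually brackets when encryption ran.

```powershell
# Added example: inventory encrypted files and ransom notes for triage.
# Nothing is deleted or modified. Run from a clean, elevated PowerShell session
# on the isolated host. Marker strings are from the article; the scan roots and
# report path are assumptions you should adjust for the machine.
param(
    [string[]]$Roots  = @("$env:USERPROFILE", 'D:\'),
    [string]$Report   = "$env:USERPROFILE\Desktop\cs16-triage.csv"
)

$extMarker = 'email-3nity@tuta.io.ver-CS 1.6.-..cs16'   # appended to encrypted file names
$noteName  = '_open_.txt'                               # ransom note file name

$hits = foreach ($root in $Roots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Name.EndsWith($extMarker, [StringComparison]::OrdinalIgnoreCase) -or
            $_.Name -ieq $noteName
        } |
        ForEach-Object {
            $kind = if ($_.Name -ieq $noteName) { 'RansomNote' } else { 'EncryptedFile' }
            # Hash only the note: it is small and a known hash helps match the sample
            # against public threat-intel and decryptor databases. Encrypted files are
            # large and unique per victim, so hashing them adds nothing.
            $sha = if ($kind -eq 'RansomNote') {
                (Get-FileHash -Algorithm SHA256 -Path $_.FullName).Hash
            } else { '' }
            [pscustomobject]@{
                Kind      = $kind
                Path      = $_.FullName
                SizeBytes = $_.Length
                LastWrite = $_.LastWriteTimeUtc.ToString('o')   # ISO 8601, UTC
                SHA256    = $sha
            }
        }
}

$hits | Export-Csv -Path $Report -NoTypeInformation -Encoding UTF8
Write-Output "Report written to $Report"
$hits | Group-Object Kind | Select-Object Name, Count | Format-Table -AutoSize

# The earliest and latest write times of encrypted files bracket the encryption
# run; use that window when searching event logs, email and proxy records for
# the initial delivery.
$enc = @($hits | Where-Object Kind -eq 'EncryptedFile' | Sort-Object LastWrite)
if ($enc.Count -gt 0) {
    Write-Output ("Encryption window (UTC): {0} .. {1}" -f $enc[0].LastWrite, $enc[-1].LastWrite)
}
```

Keep the CSV, one copy of the note and a few small encrypted files together with their original counterparts from backup if you have them: a decryptor tool, or an incident responder, will ask for exactly that pair.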
