CURATOR Ransomware

The CURATOR Ransomware is a crypto locker threat that appears to be unique and not part of any pre-existing ransomware family. Even so, it follows the typical behavior of threats of this type: it infiltrates the targeted computer, executes its encryption process, and then demands money from the victims in exchange for restoring the 'locked' data. The encryption combines two cryptographic algorithms, ChaCha and AES. All encrypted files have '.CURATOR' appended to their original filenames as a new extension. The ransom note with instructions from the criminals is dropped as a text file named '!=HOW_TO_DECRYPT_FILES=!.txt'.

Users affected by the CURATOR Ransomware are told to initiate communication with the hackers by sending a message to the 'assistantkeys@rape.lol' address. If they receive no answer within 24 hours, victims are told to try the alternate email address, 'mending7788@protonmail.ch'. The ransom note does not mention the exact sum that the hackers demand or whether it must be paid in any specific cryptocurrency. However, it tells victims that up to 3 files that do not exceed a total size of 5 MB can be sent for free decryption.

Although the shock of losing access to your personal or business files is indeed nerve-wracking, following the instructions of the hackers may not be the best course of action. Victims of the CURATOR Ransomware should first try to find a suitable backup that was created before the malware compromised their computers. If such a backup is available, it can be used to restore the encrypted files. Before restoring, clean the affected device with a reputable anti-malware program to remove any traces of the CURATOR Ransomware.

The full text of the ransom note dropped by CURATOR is:

'Hello!

All your important data has been encrypted. !

Your files are safe! Only modified(ChaCha+AES)

There is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is CURATORly stored on our server.

HOW TO RECOVER FILES???

Please write us to the email:

assistantkeys[@]rape.lol

If you will get no answer within 24 hours contact us by our alternate emails:

mending7788[@]protonmail.ch

To verify the possibility of the recovery of your files we can decrypted 1-3 file for free.

Attach 1-3 file to the letter (no more than 5Mb). Indicate your personal ID on the letter:

id-RA[redacted 10 lowercase hex]

* No software available on internet can help you. We are the only ones able to solve your problem.

* Make contact as soon as possible. Your private key (decryption key) is onlystored temporarily.

* Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.'
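
The file-level indicators described above (the '.CURATOR' extension, the note filename and the ID line in the note) are enough to scope a restore from backup. The following Python inventory is an added example, not part of the original entry; the `inventory` and `build_sample` names, the sample tree and the sample ID are constructed, and the ID pattern is an assumption based on the redaction marker in the note.

```python
import os
import re
import tempfile
from pathlib import Path

ENC_EXT = ".CURATOR"                        # extension appended to encrypted files (from the entry)
NOTE_NAME = "!=HOW_TO_DECRYPT_FILES=!.txt"  # ransom note filename (from the entry)
# Assumption: the victim ID is "id-RA" plus 10 lowercase hex digits, per the redaction marker.
ID_RE = re.compile(r"\bid-RA[0-9a-f]{10}\b")

def inventory(root):
    """Walk root and collect what a restore plan needs: encrypted files with their
    original names and sizes, note locations, and victim IDs found in the notes."""
    report = {"encrypted": [], "notes": [], "ids": set(), "errors": []}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: report["errors"].append(str(e))):
        for name in files:
            path = Path(dirpath) / name
            try:
                if name == NOTE_NAME:
                    report["notes"].append(str(path))
                    text = path.read_text(encoding="utf-8", errors="replace")
                    report["ids"].update(ID_RE.findall(text))
                elif name.endswith(ENC_EXT) and len(name) > len(ENC_EXT):
                    report["encrypted"].append((str(path), name[: -len(ENC_EXT)], path.stat().st_size))
            except OSError as exc:  # unreadable file: record it and keep scanning
                report["errors"].append(str(exc))
    return report

def build_sample(root):
    """Constructed sample tree; the file contents and the ID are made up."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "docs" / "report.docx.CURATOR").write_bytes(b"\x00" * 32)
    (root / "docs" / "budget.xlsx").write_bytes(b"clean")
    (root / "docs" / NOTE_NAME).write_text("personal ID: id-RA0123456789\n", encoding="utf-8")
    (root / "photo.jpg.CURATOR").write_bytes(b"\x00" * 16)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = inventory(tmp)
        for path, original, size in result["encrypted"]:
            print(f"{size:>8}  {original}  <- {path}")
        print("notes:", result["notes"], "ids:", sorted(result["ids"]))
```

The recovered original names can be matched against a backup catalogue to confirm that every affected file has a pre-infection copy.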