CY3 Ransomware

Cybercriminals continue to unleash more malware threats that can cause irreparable damage to the systems they infect. Even threats that are not entirely unique and are variants of already existing malware can lead to serious negative consequences. The CY3 Ransomware is exactly such a threat that could leave victims scrambling to recover their personal or business-related data.

Analysis of the CY3 Ransomware has confirmed that the threat belongs to the infamous Dharma malware family. Threats based on Dharma have been used in numerous attack operations, and the strain continues to be popular among cybercriminals. Once CY3 has successfully infected the targeted computer, it will execute an encryption routine that will lock the victim's documents, PDFs, spreadsheets, databases, images, photos and more. Each encrypted file will have its name changed by having an ID string, an email address, and a new file extension attached to it. In this particular case, the threat places the 'cybercrypt@tutanota.com' email address and the '.CY3' file extension.

Victims of the CY3 Ransomware will be left with two ransom notes. The shorter ransom-demanding message will be placed on the breached device as a text file named 'info.txt'. It provides the impacted users or organizations with two email addresses as potential ways to reach the threat actors: 'jerd@420blaze.it' and 'cybercrypt@tutanota.com'. The main ransom note, shown as a pop-up window, again mentions the same email addresses. It also clarifies that victims must be ready to pay a ransom using the Bitcoin cryptocurrency. The hackers state that they may be willing to unlock up to 3 non-important files for free.
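For incident triage, the renaming scheme and note name described above can be matched against a file listing. The following is an added example, not code from the original page; it assumes the `<original>.id-<ID>.[<email>].CY3` layout commonly seen in Dharma variants (the page names the three appended parts but not their exact arrangement), and the sample paths are constructed.

```python
import re

# Indicators taken from the write-up above.
EXTENSION = "CY3"
CONTACT_EMAILS = {"cybercrypt@tutanota.com", "jerd@420blaze.it"}
NOTE_NAME = "info.txt"

# ASSUMPTION: appended parts are laid out as ".id-<ID>.[<email>].CY3".
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.\[\]]+)"
    r"\.\[(?P<email>[^\[\]]+)\]\." + EXTENSION + r"$",
    re.IGNORECASE,
)

def triage(paths):
    """Sort a file listing into encrypted files (by ID), notes and near-misses."""
    report = {"encrypted": {}, "notes": [], "review": []}
    for path in paths:
        name = re.split(r"[\\/]", path)[-1]  # Windows or POSIX separators
        m = RENAMED.match(name)
        if m:
            email = m["email"].lower()
            report["encrypted"].setdefault(m["victim_id"], []).append({
                "path": path,
                "original": m["original"],  # name to restore after recovery
                "email": email,
                "known_email": email in CONTACT_EMAILS,
            })
        elif name.lower() == NOTE_NAME:
            # Generic file name: only meaningful next to encrypted files.
            report["notes"].append(path)
        elif name.lower().endswith("." + EXTENSION.lower()):
            # Right extension, unexpected layout: needs a human look.
            report["review"].append(path)
    return report

# Constructed sample listing (not from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[cybercrypt@tutanota.com].CY3",
    r"C:\Users\alice\Pictures\trip.jpg.id-1A2B3C4D.[cybercrypt@tutanota.com].CY3",
    r"C:\Users\alice\Desktop\info.txt",
    r"C:\Data\model.CY3",
    r"C:\Users\alice\Documents\notes.docx",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for victim_id, files in result["encrypted"].items():
        print(victim_id, [f["original"] for f in files])
    print("notes:", result["notes"], "review:", result["review"])
```

Grouping by ID shows how many distinct infections touched a share, and the recovered original names give the scope of affected data for restore planning.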

The full text of CY3 Ransomware's note is:

'All your files have been encrypted!
Don't worry, you can return all your files!
If you want to restore them, write to the mail: ronrivest@airmail.cc YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:ronrivest@tuta.io
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 3Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The ransom note dropped as a text file is:

'all your data has been locked us
You want to return?
write email jerd@420blaze.it or cybercrypt@tutanota.com'
