
Czech Ransomware

By CagedTech in Ransomware

The Czech Ransomware receives its name because it was designed to attack computers belonging to Czech speakers. It is easy to recognize, both because it marks the files affected in the attack by changing their extension to '.???' and because its ransom note is written entirely in Czech. The Czech Ransomware uses a strong encryption method to take the victims' files hostage, then displays a ransom note demanding that the victim pay approximately $9 USD in Czech koruna in exchange for the encryption key (a remarkably low amount for a ransomware Trojan compared to most other attacks on the market). The Czech Ransomware demands payment using a PaySafe card, a payment method that was more popular several years ago. Malware analysts strongly advise against paying the Czech Ransomware ransom, even though it is considerably lower than that of other ransomware Trojans. Instead, computer users should keep backup copies of their files to allow an easy recovery in case of an attack by the Czech Ransomware or a similar infection.

How the Extortionists may Deliver the Czech Ransomware Trojan to Their Victims

The main distribution avenue for the Czech Ransomware is spam email. The Czech Ransomware may be installed on the victim's computer via corrupted email attachments. These attachments are included in an email message whose text is written in Czech and is designed to trick the victim into opening the attached file. Spam email attachments are, by far, the most pervasive way in which con artists distribute threats like the Czech Ransomware. Because of this, using a good anti-spam filter and learning to handle email attachments safely can greatly reduce the chances of becoming infected with the Czech Ransomware. Avoid opening any unsolicited email attachments, even if they seem to come from a trusted contact (whose account may have been compromised).

How the Czech Ransomware Carries out Its Attack

As soon as the Czech Ransomware enters a computer, it creates its executable file in one of the following locations:

  • %AppData%
  • %Roaming%
  • %Local%
  • %LocalLow%
  • %SystemDrive%
  • %User's Profile%

The Czech Ransomware also alters the Windows Registry to ensure that it runs automatically when Windows starts up. Its configuration files contain a list of file types; the Czech Ransomware searches for files of these types and encrypts them using its strong encryption algorithm. It encrypts media files, image files, documents, spreadsheets, databases, and a wide variety of other file types, avoiding the files that are essential to the Windows operating system (since the Czech Ransomware requires Windows to remain operational to display its ransom note and demand payment). The files encrypted by the Czech Ransomware will have the extension '.???' appended to the end of the file name. After encrypting the victim's files, the Czech Ransomware delivers its ransom note. The full text of the Czech Ransomware's ransom note, written in Czech, reads as follows:

'Váš počítač a vaše soubory byly uzamknuty!
Co se stalo?
Veškeré vaše soubory byly zašifrovány šifrovacím algoritmem AES-256 společně s vaším osobním počítačem.
VAROVÁNÍ!!!
Pokud nesplníte všechny dané požadavky uvedené níže do 2 DNÍ, váš dešifrovací klíč se SMAŽE a vy své soubory a ÚČTY NIKDY NEUVIDÍTE.
Jak získat klíč?
– Stačí zakoupit kartu PaySafe Card v hodnotě 200Kč ,zadat její kód (číslo) do textového pole pod tímto textem a stisknout zelené tlačítko.
Vaše platba pak bude odeslána k ověření. Po ověření budou vaše soubory a váš počítač uvedeny do původního stavu.
– Kde koupím PaySafe Card?
PaySafe Card se dá zakoupit v jakékoliv trafice, či pumpě. Stačí se zeptat prodejce.'

The ransom note essentially warns the victim of the attack and demands the payment of a ransom. Unfortunately, it may not currently be possible to decrypt files that have been compromised during a Czech Ransomware attack. Because of this, prevention is the key to ensuring that you are protected from a Czech Ransomware attack. Malware researchers recommend the use of a reliable security program that is fully up-to-date.
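
The persistence pattern described earlier (an executable dropped in a user-writable location plus a registry entry that starts it with Windows) can be audited by checking where autorun command lines point. The following is an added example, not part of the original article: it flags autorun entries whose executable sits in one of the listed locations. The environment values, the sample entries, and the mapping of the article's location names onto standard Windows variables are assumptions.

```python
import ntpath
import re

# Constructed environment and autorun values for the example (not from the article).
ENV = {
    "SYSTEMDRIVE": "C:",
    "USERPROFILE": r"C:\Users\alice",
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
}
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "Updater": r"%APPDATA%\updater\upd.exe -s",
    "svc": r"C:\svchost.exe",
    "Helper": r'"C:\Users\alice\AppData\LocalLow\helper.exe"',
    "Traversal": r"C:\Windows\..\Users\alice\run.exe",
}

def exe_path(command, env):
    """Return the normalized, lower-cased executable path of an autorun command."""
    # Expand %VAR% references; unknown variables are left untouched.
    cmd = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)),
                 command.strip())
    if cmd.startswith('"'):                      # quoted path, arguments follow
        path = cmd[1:].split('"', 1)[0]
    else:                                        # unquoted: cut after the extension
        m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", cmd, re.I)
        path = m.group(1) if m else (cmd.split() or [""])[0]
    return ntpath.normcase(ntpath.normpath(path))

def is_under(path, base):
    base = ntpath.normcase(ntpath.normpath(base))
    return path == base or path.startswith(base + "\\")

def classify(command, env=ENV):
    """Name the watched location the executable lives in, or None."""
    path = exe_path(command, env)
    watched = [  # most specific first; the user profile is the catch-all
        ("%AppData% (Roaming)", env["APPDATA"]),
        ("%Local%", env["LOCALAPPDATA"]),
        ("%LocalLow%", ntpath.join(env["USERPROFILE"], "AppData", "LocalLow")),
        ("user profile", env["USERPROFILE"]),
    ]
    for label, base in watched:
        if is_under(path, base):
            return label
    # Only files sitting directly in the drive root count for %SystemDrive%.
    if ntpath.dirname(path) == ntpath.normcase(env["SYSTEMDRIVE"] + "\\"):
        return "%SystemDrive% root"
    return None

def suspicious_autoruns(values, env=ENV):
    return {n: loc for n, cmd in values.items() if (loc := classify(cmd, env))}
```

On a live system the same functions can be fed the values of the autorun registry keys and the real environment instead of the constructed samples; a hit is a lead to investigate, since legitimate software also starts from these folders.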
