
KoRyA Ransomware

KoRyA is threatening ransomware belonging to the Xorist family. The KoRyA Ransomware encrypts data, appends the '.KoRyA' extension to filenames, changes the desktop wallpaper, creates the 'HOW TO DECRYPT FILES.txt' file and displays an error message. For example, it renames '1.jpg' to '1.jpg.KoRyA', '2.png' to '2.png.KoRyA', and so on.

The ransom notes contained in KoRyA's desktop wallpaper, text file, and error message are identical. They state that data decryption costs 0.06 BTC, worth around $1000 at the current Bitcoin exchange rate. The demanded sum must be transferred to the cybercriminals' crypto-wallet address, which is also mentioned in the note. After paying the ransom, victims are instructed to contact the 'korya@tuta.io' email address. The threat actors warn that after two days have passed without receiving the ransom payment, they will delete the decryption keys necessary for restoring the locked files, leaving the data in an unrecoverable state.

Victims of the KoRyA Ransomware are advised not to pay the demanded amount, as there is no guarantee that they will receive a working decryption tool even after payment has been made, and there is also a risk of being tricked. It is recommended to use a reliable anti-malware solution to remove KoRyA from the infected system and then restore the damaged data from backups or with data recovery software.
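To scope a restore from backups, the two file-system indicators named above (the '.KoRyA' extension and the 'HOW TO DECRYPT FILES.txt' note) can be inventoried per directory. The Python below is an added example, not code from this write-up or from any vendor tool; the function names `scan`, `restore_list` and `build_sample` are hypothetical, and the sample tree is constructed.

```python
import os
import tempfile
from collections import defaultdict

EXT = ".korya"                     # appended extension from the write-up (Windows names are case-insensitive)
NOTE = "how to decrypt files.txt"  # ransom note filename from the write-up


def scan(root):
    """Walk root and return per-directory indicator hits for restore planning."""
    report = defaultdict(lambda: {"encrypted": [], "notes": 0, "first_seen": None})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == NOTE:
                report[dirpath]["notes"] += 1
            elif lower.endswith(EXT) and len(name) > len(EXT):
                entry = report[dirpath]
                # Original name = current name minus the appended extension.
                entry["encrypted"].append(name[: -len(EXT)])
                try:
                    mtime = os.path.getmtime(os.path.join(dirpath, name))
                except OSError:
                    continue  # unreadable file: keep the name, skip the timestamp
                # Assumption: mtime reflects when the file was rewritten, so the
                # earliest value helps pick a backup snapshot that predates it.
                if entry["first_seen"] is None or mtime < entry["first_seen"]:
                    entry["first_seen"] = mtime
    return dict(report)


def restore_list(report):
    """Original paths to pull from backup, sorted for a stable work list."""
    return sorted(os.path.join(d, n) for d, e in report.items() for n in e["encrypted"])


def build_sample(root):
    """Constructed sample tree: two renamed files, one note, one untouched file."""
    docs = os.path.join(root, "Docs")
    os.makedirs(docs)
    for name in ("1.jpg.KoRyA", "2.png.korya", "HOW TO DECRYPT FILES.txt", "clean.txt"):
        with open(os.path.join(docs, name), "w") as fh:
            fh.write("constructed sample")
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path in restore_list(scan(tmp)):
            print(path)
```

Run the scan from a clean system or against a mounted image of the affected disk, and feed the resulting list to the backup tool after the malware has been removed.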

Measures against Ransomware Attacks

Ransomware attacks are becoming increasingly common, and it is crucial to take steps to protect yourself from them. The first measure is to ensure that your computer has the latest security updates and patches installed. This will help prevent malicious software from exploiting any vulnerabilities in your system. Additionally, make sure you have a reliable anti-malware program installed on your computer and that it is regularly updated.

Another important step is to back up all of your data regularly. This way, if you become the victim of a ransomware attack, you can restore your files from the backup instead of paying the ransom demand. Make sure that these backups are stored on an external drive or in the cloud, so they are not vulnerable to the same attack as your computer.

You should also be careful when opening emails or clicking on links sent by unknown sources. Malicious software can be hidden in attachments or links, so it's best to avoid them altogether if possible. If you must open an attachment or click a link, scan it with an anti-malware program before doing anything else with it.

Finally, be aware of phishing schemes and other social engineering tactics used by attackers to gain access to sensitive information, such as passwords and credit card numbers. If you receive an email or message that looks suspicious, do not respond to it, and delete it immediately.

The ransom note shown in the threat's error window, desktop background, and text file is:


'ATTENTION!

All your files have been encrypted
And their decryption will cost you 0.06 bitcoin.

To start the decryption process follow the steps below

Step 1) Make sure you send 0.06 bitcoin to this wallet:
bc1q73lm30rgv6h9wy42y88t0r8prjh9l9pzpvvm9c

Step 2) Contact me at this email address: korya@tuta.io
With this Subject: -

After the payment has been confirmed,
you will receive the decryptor and the keys for decryption!

Other information:

If you don't own bitcoin, you can buy it here very easily
www.coinmama.com
www.bitpanda.com
www.localbitcoins.com
www.paxful.com

You can find a larger list here:
hxxps://bitcoin.org/en/exchanges

If the payment is not made in 2 days, I will consider that you do not want to decrypt your files,
and therefore the keys generated for your PC will be permanently.deleted.'
