Krusop Ransomware
There is a growing interest in the 'business' of ransomware. More and more shady individuals decide to partake in this criminal activity as ransomware threats are perceived as a way to make a quick buck with almost no fear of consequences widely. One of the most recently spotted data-locking Trojans is the Krusop Ransomware.
Propagation and Encryption
When the cybersecurity experts that uncovered the Krusop Ransomware studied this threat closer, it became clear that it belongs to the STOP Ransomware family. However, they have not been able to determine with any certainty what are the propagation methods that the creators of the Krusop Ransomware have used. Some believe that fake application updates, bogus copies of popular software tools, and spam emails containing infected attachments may be among the infection vectors employed by the attackers. When the Krusop Ransomware compromises a PC, it will make sure to perform a scan first. The objective is to locate all the files, which are of interest to the Krusop Ransomware. Next, the Krusop Ransomware will begin locking all the marked files. After the encryption process is through, all the affected files' names will be changed. The Krusop Ransomware adds a '.krusop' extension to each locked file. This means that if prior to the attack an audio file was named 'Lost-Muse.mp3' after the attack has taken place it will be called 'Lost-Muse.mp3.krusop.'
The Ransom Note
After this is done, the Krusop Ransomware drops a ransom note in the shape of a text file called '_readme.txt,' which reads:
’ATTENTION!
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-o7ClqIH7RS
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
gorentos@bitmessage.ch
Reserve e-mail address to contact us:
gorentos2@firemail.cc
Our Telegram account:
@datarestore
Mark Data Restore
Your personal ID:’
The ransom fee demanded by the authors of the Krusop Ransomware is $980. The users who contact the attackers within 72 hours of the attack takes place will receive a 50% discount and will have to pay $490, or so the cyber crooks claim. As proof that they are in possession of a working decryption key, the creators of the Krusop Ransomware offer to decrypt one file free of charge. The attackers have provided two email addresses as a means of contacting them – 'gorentos@bitmessage.ch' and 'gorentos2@firemail.cc.' For the victims who would prefer to converse over Telegram, the authors of the Krusop Ransomware have given out their Telegram contact details too - @datarestore.
We would advise you strongly to stay away from cybercriminals like the ones responsible for the Krusop Ransomware. Such individuals are known for not holding up their end of the bargain so that it is very likely that you will be tricked even if you decide to pay up. Instead, you should look into obtaining a reputable anti-virus software suite and use it to remove the Krusop Ransomware from your system safely.
