Kurosaki_ichigo@tutanota.com

By GoldSparrow in Ransomware

The Kurosaki_ichigo@tutanota.com Ransomware is an encryption ransomware Trojan and a variant of CryptConsole, a known ransomware Trojan. The Kurosaki_ichigo@tutanota.com Ransomware carries out a typical encryption ransomware attack: it makes the victim's files impossible to open and then demands a ransom payment. Victims are instructed to contact the criminals via the email address after which the Kurosaki_ichigo@tutanota.com Ransomware is named. The Kurosaki_ichigo@tutanota.com Ransomware has several variants, each using a different contact email address.

How the Kurosaki_ichigo@tutanota.com Ransomware Carries Out Its Attack

The Kurosaki_ichigo@tutanota.com Ransomware is designed to make the victim's files inaccessible, taking them hostage. To do this, the Kurosaki_ichigo@tutanota.com Ransomware uses AES and RSA encryption, leaving the files unreadable to anyone who does not have the decryption key. Threats like the Kurosaki_ichigo@tutanota.com Ransomware target user-generated files, such as media files, documents, databases, and numerous other file types. The file types that threats like the Kurosaki_ichigo@tutanota.com Ransomware target in these attacks include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Unfortunately, after the Kurosaki_ichigo@tutanota.com Ransomware encrypts the files, they cannot be recovered without the decryption key, making it necessary to have backup copies to be fully protected from these threats.

The Kurosaki_ichigo@tutanota.com Ransomware's Ransom Demand

After the Kurosaki_ichigo@tutanota.com Ransomware encrypts the victim's files, this threat demands a ransom payment from the victim. The Kurosaki_ichigo@tutanota.com Ransomware's ransom demand is delivered in a text file named 'README.txt,' which is dropped on the infected computer's desktop. The text of the Kurosaki_ichigo@tutanota.com Ransomware ransom note reads:

'Your files are encrypted!
YOUR PERSONAL ID [random characters]
---------------------------------------------------------------------------------
Discovered a serious vulnerability in your network security.
No data was stolen and no one will be able to do it while they are encrypted.
For you we have automatic decryptor and instructions for remediation.
For instructions, write to us on one of our mails kurosaki_ichigo@tutanota.com or Suzumiya_Haruhi@tutanota.com
---------------------------------------------------------------------------------
You will receive automatic decryptor and all files will be restored
---------------------------------------------------------------------------------
* To be sure in getting the decryption, you can send one file(less than 10MB) to kurosaki_ichigo@tutanota.com or Suzumiya_Haruhi@tutanota.com
In the letter include your personal ID(look at the beginning of this document).
Attention!
Attempts to self-decrypting files will result in the loss of your data
Decoders other users are not compatible with your data, because each user's unique encryption key'

It is not advisable to follow the instructions in the Kurosaki_ichigo@tutanota.com Ransomware's ransom note or to contact the criminals responsible for the attack. Paying these ransoms allows criminals to continue creating and distributing threats, and rarely results in the return of the affected data (in most cases, the payment is ignored, and the victim may be targeted for additional attacks).
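For incident triage, the note described above can be recognized by its file name, fixed phrases and contact addresses. The following Python sketch is an added example, not code from this page or from any vendor tool: the function names, the scoring thresholds and the placeholder personal ID are assumptions, while the phrases and addresses come from the note quoted above.

```python
import re
from pathlib import Path

# Indicators taken from the ransom note quoted on this page.
NOTE_NAME = "readme.txt"
MARKERS = ("your files are encrypted!", "your personal id",
           "automatic decryptor", "attempts to self-decrypting files")
KNOWN_CONTACTS = {"kurosaki_ichigo@tutanota.com", "suzumiya_haruhi@tutanota.com"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
ID_RE = re.compile(r"YOUR PERSONAL ID[ \t:]*(\S+)", re.IGNORECASE)

def analyze_note(text):
    """Compare text with the note's fixed phrases and contact addresses."""
    lowered = text.lower()
    hits = [m for m in MARKERS if m in lowered]
    emails = sorted({e.lower() for e in EMAIL_RE.findall(text)})
    known = [e for e in emails if e in KNOWN_CONTACTS]
    found_id = ID_RE.search(text)
    # Other variants use different contact addresses, so three or more
    # fixed phrases also count as a match without a known address
    # (assumed thresholds, chosen for this example).
    return {"match": bool(known and hits) or len(hits) >= 3,
            "marker_hits": hits, "emails": emails, "known_contacts": known,
            "personal_id": found_id.group(1) if found_id else None}

def scan(root, max_bytes=65536):
    """Return [(path, findings)] for README.txt files under root that match."""
    results = []
    for path in sorted(Path(root).rglob("*")):
        if path.name.lower() != NOTE_NAME or not path.is_file():
            continue
        try:
            with path.open("rb") as fh:
                raw = fh.read(max_bytes)
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        # Text files saved as UTF-16 start with a byte-order mark.
        enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
        findings = analyze_note(raw.decode(enc, errors="replace"))
        if findings["match"]:
            results.append((path, findings))
    return results

# Constructed sample: lines from the quoted note with a placeholder ID.
SAMPLE_NOTE = """Your files are encrypted!
YOUR PERSONAL ID PLACEHOLDER-ID-0000
For you we have automatic decryptor and instructions for remediation.
For instructions, write to us on one of our mails kurosaki_ichigo@tutanota.com or Suzumiya_Haruhi@tutanota.com
Attempts to self-decrypting files will result in the loss of your data
"""
```

Calling `scan()` on a user profile or a mounted disk image lists each matching note with the personal ID and contact addresses it contains, which helps confirm the variant and scope the affected hosts.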