Psychopath Ransomware

Psychopath Ransomware Description

The infosec community has discovered another ransomware threat. Tracked under the Psychopath Ransomware name, this piece of malware is capable of causing massive damage to the devices it manages to infect. The goal of the threat is to lock the victim's files via an uncrackable encryption algorithm and then extort them for money in exchange for the potential restoration of the files.

The Psychopath Ransomware significantly modifies the names of the files it encrypts. First, the threat appends a unique ID string that was assigned to the victim. Then, it adds the email address of the hackers - 'psychopath7@tutanota.com'. Finally, a random 4-character string is placed as a new file extension.

When all target file types on the system have been encrypted, Psychopath will proceed to deliver its ransom notes. One will be displayed in a pop-up window via a 'ReadMe_Now!.hta' file, while the other will be placed in a text file named 'Read_Me!_.txt'.
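A triage sketch for the indicators described above, added here as an example and not part of the original write-up: it walks a directory tree and counts, per folder, the ransom-note files and the files renamed with the contact address plus a 4-character extension. The delimiters inside renamed files, the alphanumeric character set of the extension and the sample names are assumptions, since the page does not give them.

```python
import os
import re
import tempfile

# Indicators taken from the description above.
CONTACT_EMAIL = "psychopath7@tutanota.com"
NOTE_NAMES = {"readme_now!.hta", "read_me!_.txt"}

# Assumption: the page gives no delimiters, so match the e-mail anywhere in the
# name, followed by a final 4-character alphanumeric extension.
RENAMED = re.compile(re.escape(CONTACT_EMAIL) + r".*\.[A-Za-z0-9]{4}$", re.IGNORECASE)


def classify(filename):
    """Return 'note', 'encrypted' or None for a bare file name."""
    if filename.lower() in NOTE_NAMES:
        return "note"
    if RENAMED.search(filename):
        return "encrypted"
    return None


def scan(root):
    """Walk root and return {directory: {'note': n, 'encrypted': n}} for hits."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind:
                counts = hits.setdefault(dirpath, {"note": 0, "encrypted": 0})
                counts[kind] += 1
    return hits


def demo():
    """Build a constructed sample tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        # Constructed names: the ID, bracket layout and extension are made up.
        for name in ("report.docx.[ID-0000].[psychopath7@tutanota.com].a1B2",
                     "Read_Me!_.txt", "notes.txt",
                     "mail to psychopath7@tutanota.com.eml"):
            open(os.path.join(docs, name), "w").close()
        return {os.path.relpath(d, root): c for d, c in scan(root).items()}


if __name__ == "__main__":
    print(demo())
```

A name that merely mentions the address, such as a saved e-mail with a 3-character extension, is not counted; a hit still needs manual confirmation before a folder is treated as affected.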

Ransom Note's Details

The instructions found inside the text file are extremely short. Victims are simply told to contact the aforementioned address, psychopath7@tutanota.com, to get more information. The main ransom note is delivered via the pop-up window. It clarifies that victims who fail to contact the attackers within a 48-hour window will need to pay double for the decryption key. The note also mentions a secondary email address that can be used for communication - 'mr.pycho@tutanota.com'. To demonstrate their ability to restore the locked data, the attackers offer to decrypt several files for free. The chosen files, however, must be less than 2MB in size and should not carry any important information.

The message in the text file is:

'Your Data Locked.
To Get Decryption Instructions Email Us ,Don't Edit Files Or Folders !
ID :
Email Address :psychopath7@tutanota.com'

The instructions shown in the pop-up window are:

'All Your Files Have Been Encrypted !
All Your Files Encrypted Due To A Security Problem With Your PC. If You Need Your Files Please Send Us E-mail To Get Decryption Tools .

The Only Way Of Recovering Files Is To Purchase For Decryption Tools ( Payment Must Be Made With Bitcoin ) . If You Do Not E-mail Us After 48 Hours Decryption Fee Will Double.

Our E-mail Address : psychopath7@tutanota.com

Your Personal ID :

Sent E-mail Should Be Contains Your Personal ID.If Don't Get a Response Or Any Other Problem Write Us E-mail At : mr.pycho@tutanota.com

Check Your Spam Folder Too.
What Guarantee Do We Give You ?

You Can Send Some Files For Decryption Test( Before Paying ). File Size Must Be Less Than 2MB And Files Should Not Contains Valuabe Data Like (Backups , Databases etc … ) .

How To Buy Bitcoins

Get Buy Bitcoin Instructions At LocalBitcoins :

hxxps://localbitcoins.com/guides/how-to-buy-bitcoins

Buy Bitcoin Instructions At Coindesk And Other Websites By Searching At Google :

hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/

Attention !!
Do Not Edit Or Rename Encrypted Files.
Do Not Try To Decrypt Files By Third-Party Or Data Recovery Softwares It May Damage Files Forever.

In Case Of Trying To Decrypt Files With Third-Party,Recovery Sofwares This May Make The Decryption Harder So Prices Will Be Rise.'