Sunjun Ransomware
After analyzing the Sunjun Ransomware, security researchers concluded that it belongs to the VoidCrypt Ransomware family. The Sunjun Ransomware possesses all the typical features associated with the VoidCrypt Ransomware family of threats. Although there are no improvements to the Sunjun Ransomware functionalities, it is still capable of causing significant harm by blocking the files saved on the compromised systems.
The Sunjun Ransomware applies a powerful encryption process to the targeted files and changes their names drastically. The Sunjun Ransomware family members a pattern when encrypting the files - native name, victim's ID, email address of the attackers and a new file extension, '.Sunjun.' For example, a file named Photos1.jpg' will be renamed to 'Photos1.jpg.[CW-AR9583604271](sunjun3412@mailfence.com).Sunjun.' When the Sunjun Ransomware finishes encrypting the files, it creates and delivers a ransom note as a text file named 'Read.txt.'
Ransom Note's Details
In the message displayed, the threat tells victims that they must send an RSAKEY file, which they will find in the C:/ProgramData folder and the provided ID to sunjun3412@mailfence.com or sunjun3416@mailfence.com email addresses to recover the encrypted files. It also threatens victims of permanent data loss if they try to rename the files or use any software for data decryption.
Victims of Sunjun Ransomware do not have many choices to get back their damaged data unless they have an updated backup of their files because ransom payment should not be an option. However, in any case, the infection should be removed from the affected machine with a professional malware removal tool.
The full text of Temlown Ransowmare's note is:
'All your files have been encrypted. If you want to restore them, write us to the e-mail:sunjun3412@mailfence.com
inCase of no answer :sunjun3416@mailfence.comWrite this ID in the title of your message -
send RSAKEY file stored in C:/ProgramData or other drives in email
Do not rename encrypted files.
Do not try to decrypt your data using third-party software and sites. It may cause permanent data loss.
The decryption of your files with the help of third parties may cause increased prices (they add their fee to our), or you can become a victim of a scam.'
