
TheCursedMurderer Ransomware

Malware researchers have spotted a new ransomware threat. This newly uncovered data-locking Trojan has been named TheCursedMurderer Ransomware. This threat does not appear to belong to any of the popular ransomware families.

Propagation and Encryption

Mass spam email campaigns are one of the most widely used propagation methods for ransomware threats. Usually, targeted users receive a fake email containing a bogus, socially engineered message and a corrupted attachment. The goal of the fraudulent message is to convince the user to launch the attached file. Malvertising operations, fake application updates, and infected copies of popular media and software are among the other commonly used infection vectors.

TheCursedMurderer Ransomware would lock all of the user’s audio files, images, documents, archives, videos, databases, etc. The more files a ransomware threat manages to lock, the more likely it is to manipulate the victim into paying the sum required for the decryption key. The locked files get a new extension once they undergo the encryption process of TheCursedMurderer Ransomware. This data-encrypting Trojan appends a ‘.aes’ extension to the end of the names of the affected files. For example, a file that was initially named ‘snow-rabbit.mp3’ will be renamed to ‘snow-rabbit.mp3.aes’ when TheCursedMurderer Ransomware locks it. The name of the extension may be a reference to the encryption algorithm utilized in the attack.

The Ransom Note

The ransom note dropped on the user’s desktop is contained in a file called ‘instructions.txt’. Users are asked to pay a ransom fee of $100 in Bitcoin. Many cyber crooks prefer to be paid in cryptocurrency, as this helps them protect their anonymity and avoid facing negative consequences. The authors of TheCursedMurderer Ransomware demand to be contacted via email and have provided an email address for the purpose: ‘iknowyouandiseeyou@protonmail.ch’. It is likely that the attackers have chosen to name their email address ‘iknowyouandiseeyou’ as yet another social engineering trick designed to intimidate their victims and further pressure them into paying the sum demanded. However, this is nothing more than a cheeky trick.

It is certainly not advisable to pay the fee. Most creators of ransomware threats do not provide their victims with a decryption tool even if they pay the ransom fee demanded. This is why it is best to consider obtaining a reputable anti-malware application that will safely remove TheCursedMurderer Ransomware from your computer.
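
The two file-system indicators described above (the appended ‘.aes’ extension and the ‘instructions.txt’ note) can be checked together during triage. The following Python sketch is an added example, not code from the original write-up; the extension sample `USER_EXTS`, the `min_hits` threshold and the demo tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the write-up above.
LOCKED_SUFFIX = ".aes"
NOTE_NAME = "instructions.txt"
# Assumption: a sample of the file types the article lists (audio, images, documents...).
USER_EXTS = {".mp3", ".jpg", ".png", ".docx", ".xlsx", ".pdf", ".zip", ".mp4", ".sql"}


def is_renamed_user_file(name):
    """True for names like 'snow-rabbit.mp3.aes': a user-file extension, then '.aes'."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] == LOCKED_SUFFIX and suffixes[-2] in USER_EXTS


def triage(root, min_hits=3):
    """Summarise the indicators under `root`; `min_hits` is an assumed threshold."""
    locked, notes, renamed = [], [], 0
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for f in files:
            if f.lower() == NOTE_NAME:
                notes.append(os.path.join(dirpath, f))
            elif is_renamed_user_file(f):
                locked.append(os.path.join(dirpath, f))
                # A '.aes' file whose original is gone matches a rename in place;
                # an original still sitting beside it looks like a user-made copy.
                if f[: -len(LOCKED_SUFFIX)].lower() not in present:
                    renamed += 1
    return {"locked": sorted(locked), "notes": notes, "renamed": renamed,
            "suspicious": renamed >= min_hits and bool(notes)}


def demo():
    """Build a constructed sample tree (empty files, names only) and triage it."""
    with tempfile.TemporaryDirectory() as root:
        desktop, music = Path(root, "Desktop"), Path(root, "Music")
        for d in (desktop, music): d.mkdir()
        for p in (desktop / NOTE_NAME, desktop / "budget.xlsx.aes",
                  music / "snow-rabbit.mp3.aes", music / "demo.MP3.AES",
                  music / "backup.zip", music / "backup.zip.aes", music / "notes.aes"):
            p.touch()
        return triage(root)


if __name__ == "__main__":
    print(demo())
```

A positive result is a lead for further investigation rather than proof, since legitimate encryption tools such as AES Crypt also produce ‘.aes’ files.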
