Tocue Ransomware

By GoldSparrow in Ransomware

A growing number of cyber crooks are trying their luck at creating and spreading ransomware threats. The highly skilled ones are able to build a data-locking Trojan from scratch, but less experienced cybercriminals reuse the code of existing ransomware threats and tweak it slightly for their own ends. An example of the latter is the newly spotted Tocue Ransomware. This Trojan is a variant of the infamous STOP Ransomware.

Propagation and Encryption

It is not yet clear what propagation methods the authors of the Tocue Ransomware have used to spread their creation. Some malware researchers speculate that the cyber crooks responsible for the Tocue Ransomware have likely employed mass spam email campaigns, alongside fake software updates and pirated variants of legitimate applications, to propagate it. Regardless of how the Tocue Ransomware ends up on one's system, it always starts the attack in the same manner: by triggering a brief scan. The scan's goal is to locate all the files that will be marked for encryption. Next, the Tocue Ransomware begins encrypting the targeted data. All the damaged files have their names changed, because the Tocue Ransomware appends a '.tocue' extension. This means that an image you had named 'empty-autumn.jpg' will be renamed to 'empty-autumn.jpg.tocue'.

The Ransom Note

Then, the Tocue Ransomware will drop its ransom note. The note is named '_readme.txt', which is the signature move of most ransomware threats that belong to the STOP Ransomware family. The note reads:

'ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-sdfm0uGug2
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
gorentos@bitmessage.ch

Reserve e-mail address to contact us:
gorentos2@firemail.cc

Our Telegram account:
@datarestore
Mark Data Restore

Your personal ID:
-'

In the note, the attackers do not mention the ransom fee. They only give out two email addresses where they expect to be contacted by the victim – 'gorentos@bitmessage.ch' and 'gorentos2@firemail.cc'. They also provide a Telegram contact, @datarestore.

We advise you to keep your distance when it comes to dealing with cyber criminals. There is no guarantee that they will provide you with the decryption key promised. Instead, you should obtain a reputable anti-malware application, which will remove the Tocue Ransomware from your computer.
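A read-only triage sweep built from the indicators described above (the '.tocue' suffix, the '_readme.txt' note name and the contact strings quoted in the note) shows how to scope which files were hit. It is an added example, not part of the original article; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".tocue"   # extension the article says is appended
NOTE_NAME = "_readme.txt"     # ransom note file name given in the article
NOTE_MARKERS = ("gorentos@bitmessage.ch", "gorentos2@firemail.cc", "@datarestore")

def is_ransom_note(path, max_bytes=65536):
    """True for a _readme.txt that contains a contact string quoted in the note."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "rb") as fh:
            text = fh.read(max_bytes).decode("utf-8", errors="replace").lower()
    except OSError:   # unreadable file: skip it rather than abort the sweep
        return False
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Walk root read-only; list encrypted files, notes, and the file types hit."""
    report = {"encrypted": [], "notes": [], "types": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[:-len(ENCRYPTED_SUFFIX)]   # name before the rename
                report["encrypted"].append((full, original))
                report["types"][os.path.splitext(original)[1].lower() or "(none)"] += 1
            elif is_ransom_note(full):
                report["notes"].append(full)
    return report

def demo():
    """Run triage over constructed sample files (not from a real infection)."""
    samples = {
        "Pictures/empty-autumn.jpg.tocue": b"\x00" * 16,
        "Pictures/_readme.txt": b"ATTENTION!\r\nwrite on our e-mail:\r\ngorentos@bitmessage.ch\r\n",
        "_readme.txt": b"Project notes only.\n",   # benign look-alike, must not match
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Pictures"))
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

The list of recovered original names and the per-type counts give a quick inventory to compare against backups before restoring.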
