Tunca Ransomware

The Tunca Ransomware is an encryption ransomware Trojan that carries out a typical version of this attack, encrypting the victim's files to take them hostage and then demanding a ransom payment from the victim. These attacks are becoming more common increasingly, and it is important that computer users take steps to protect their data preemptively by establishing file backups and installing a security program that is fully up to date.

How the Tunca Ransomware Carries Out Its Attack

The Tunca Ransomware seems to be in development and is deployed using the Microsoft .NET framework. The Tunca Ransomware uses a strong encryption algorithm to make the victim's files inaccessible, adding the file extension '.tunca' to each file encrypted by the attack. The Tunca Ransomware targets the following file types in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The purpose of these attacks is to take the victim's files hostage, making them inaccessible so that there's no option but to make a ransom payment to access the files.

The Tunca Ransomware Ransom Demand

The Tunca Ransomware displays a pop-up window as a ransom note, which when clicked on displays an error message, making it apparent that the Tunca Ransomware Trojan may still be in development since its ransom note contains several bugs. The Tunca Ransomware ransom note's content, which appears in the Tunca Ransomware's pop-up window, reads:

'Ooops, it seems like all of your files have been encrypted with AESencryption algorithm.

How to get the free decryptor?
-Create a link on grabify that will download your victim the ransomware
-With this, infect at least 10 people
-Send proof to : Lockify@protonmail.com
-Get your decryptor'

The Tunca Ransomware demands its ransom payment in the form of PaySafe cards, a somewhat outdated sort of payment that predates the rise of the cryptocurrency. Today, the preferred anonymous payment method by these threats is Bitcoin. The use of outdated payment methods and buggy software makes it apparent that the criminals behind the Tunca Ransomware attack do not have many resources or this is not a high-profile operation.

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Tunca Ransomware

Site Disclaimer