TURKEY Ransomware
Cybercriminals have created and are using a new threatening ransomware variant, based on the Chaos malware. Named Turkey Ransomware, this threat is capable of causing significant damage to the computers it is successfully deployed on. Indeed, thanks to the strong encryption algorithm it utilizes, the Turkey Ransomware can leave a wide range of file types in a completely inaccessible and unusable state.
The Turkey Ransomware doesn't have a specific file extension with which it marks the processed files. Instead, it generates a new random 4-character extension for each encrypted file. Additional changes to the infected devices brought on by the Turkey Ransomware include a new desktop background image and the creation of a text file named 'read_it.txt.' The desktop wallpaper is an image of the official flag of Turkey. As for the text file, its role is to deliver a ransom note with instructions for the victims.
Table of Contents
Ransom Note’s Overview
According to the instructions left by TURKEY Ransomware's operators, victims of the threat are told to pay a ransom of $1,500. The money must be transferred to the provided crypto-wallet address using the Bitcoin cryptocurrency. The ransom note states that this is equal to 0.03394 BTC (Bitcoin). However, at the current Bitcoin exchange rate, the stated amount is worth less than $1000.
The ransom-demanding message doesn't provide any other ways to contact the attackers, such as email addresses or accounts for social media or messenger applications. The note also doesn't mention if the hackers are willing to decrypt a couple of small files for free. This is a typical offer found in most ransomware threats, as it demonstrates the ability of cybercriminals to restore their victims' data.
The full text of the message left by TURKEY Ransomware is:
'All of your files have been encrypted with TURKEY ransomware
Your computer was infected with a ransomware. Your files have been encrypted and you won't
be able to decrypt them without our help. What can I do to get my files back? You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer. The price for the software is $1,500. Payment can be made in Bitcoin
only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinbase-hxxps://www.coinbase.com Bitpanda-hxps://www.bitpanda.com
Payment informationAmount: 0.03394 BTC
Bitcoin Address: 17CGtu7UkdyHnzPFRt49mxueKdAmuANMpJ'
SpyHunter Detects & Remove TURKEY Ransomware
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | file.exe | 7c30b043554e56bfb17efd4cae92fcd2 | 0 |
