ZuCaNo Ransomware

ZuCaNo Ransomware Description

The ZuCaNo Ransomware is a malware threat that can heavily impact any system it manages to compromise. After analyzing the underlying code, infosec researchers determined that ZuCaNo is a variant of the Xorist Ransomware family. While this means that the threat lacks any major improvements, users shouldn't underestimate its destructive potential. After all, ZuCaNo is capable of locking a large number of popular file types, rendering them inaccessible and unusable. Whenever a file is encrypted, '.ZuCaNo' is appended to its original name as a new extension.

After completing its encryption process, the threat proceeds to deliver its ransom note. It takes no chances and uses all available methods to ensure that the victim will see the instructions from the hackers. First, a ransom message is dropped inside text files named 'HOW TO DECRYPT FILES.txt'. Then, a pop-up window is generated on the screen of the breached system. Finally, the default Desktop wallpaper is replaced with one provided by the threat. The text in all three places is identical.

ZuCaNo Ransomware's Demands

According to the message, the hackers want to receive a payment made using the Bitcoin cryptocurrency. The exact amount of the ransom is set at 0.03 BTC (Bitcoin). Despite the recent slump in the exchange rate of the coin, the cybercriminals still want to receive over $1000 to provide their victims with the required decryption keys and tools to restore their data. The money must be transferred to the crypto wallet address found inside the ransom note. After completing the payment, ZuCaNo Ransomware's victims are expected to establish contact by sending a message to the 'zucano@tuta.io' email address.

Dealing with the consequences of a ransomware attack can be extremely stressful. However, users should remain calm and not rush into actions that might expose them to further security risks. Ignore the message from the unscrupulous people responsible for unleashing the threat and, instead, clean your system with a professional anti-malware product. After ZuCaNo has been eradicated completely, try to restore the locked files by using a suitable backup.
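
To help plan the restore from backup, the following added example (not part of the original article or of any vendor tool) walks a directory tree, uses the '.ZuCaNo' extension and the 'HOW TO DECRYPT FILES.txt' note name described above as indicators, and lists the original file names to retrieve from backup. The function names, the case-insensitive matching, and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the description above; case-insensitive matching is an assumption.
ENCRYPTED_SUFFIX = ".zucano"
RANSOM_NOTE_NAME = "how to decrypt files.txt"

def build_restore_manifest(root):
    """Walk `root` and return (manifest, note_dirs).

    manifest maps each directory (relative to root) to the sorted original file
    names that should be restored from backup; note_dirs lists directories that
    contain a ransom note.
    """
    manifest = defaultdict(list)
    note_dirs = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in filenames:
            lowered = name.lower()
            if lowered == RANSOM_NOTE_NAME:
                note_dirs.append(rel)
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # The extension is appended to the original name, so stripping it
                # yields the name to look for in the backup set.
                manifest[rel].append(name[: -len(ENCRYPTED_SUFFIX)])
    return {d: sorted(v) for d, v in manifest.items()}, sorted(note_dirs)

def make_sample_tree():
    """Create a constructed sample tree (not real victim data) and return its path."""
    root = tempfile.mkdtemp(prefix="zucano_demo_")
    layout = {
        "docs": ["report.docx.ZuCaNo", "budget.xlsx.ZuCaNo", "HOW TO DECRYPT FILES.txt"],
        os.path.join("docs", "old"): ["notes.txt"],  # untouched file, must be ignored
        "photos": ["trip.jpg.zucano", "HOW TO DECRYPT FILES.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            with open(os.path.join(root, sub, n), "wb") as fh:
                fh.write(b"constructed sample")
    return root

if __name__ == "__main__":
    manifest, note_dirs = build_restore_manifest(make_sample_tree())
    for directory, names in sorted(manifest.items()):
        print(f"{directory}: restore {names}")
    print("ransom notes found in:", note_dirs)
```

Run it against a mounted copy of the affected volume after the malware has been removed, and compare the manifest with the backup catalogue before restoring.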

The full text delivered via a pop-up window, Desktop wallpaper, and 'HOW TO DECRYPT FILES.txt' files is:

'Hi, as you can see, all your files are encrypted.
Don't panic, you can decrypt them, you just have to pay me for the ransom.

Payment is made only by bitcoin, and the amount you have to pay is 0.03 BITCOIN
You can buy very easily from these sites:
www.localbitcoins.com
www.paxful.com

A list of several sites where you can buy bitcoin can be found here:
hxxps://bitcoin.org/en/exchanges
Make sure the address where you will send the bitcoin is: 1DENGvxJZofU9BVfiScrgZHhhntJ3sAPSd

After sending, contact us at this email address: zucano@tuta.io
With this subject: -

After confirming the payment, you will receive a tutorial and the keys for decrypting the files.'