Chinz Ransomware Virus
Chinz is a new crypto infection based on the code of the Phobos ransomware. It has been spotted in active attack campaigns against users worldwide. The threat is designed to corrupt both computer systems and personal files, and its primary goal is to extort a ransom fee from its victims. The ransomware interferes with essential system settings and then encrypts data. All malicious operations happen in the background of all other active processes. In the end, Chinz ransomware drops a text file that contains a message from the hackers. It requests a ransom payment for the decryption of files renamed with the .id[1E957G00-2675].[yuzhou13@tutanota.com].chinz extension. However, even the hackers cannot guarantee the recovery of .chinz files, as their decryption tool may be unable to decode them.
For the sake of your security, we recommend that you avoid negotiating with cybercriminals. Follow our removal guide to find out how to get rid of malicious entries and attempt to restore encrypted .chinz files.
Chinz Ransomware Summary
Name | Chinz |
Type | Ransomware, Cryptovirus |
Short Description | Severe malware that is designed to encrypt valuable files stored on compromised computers so that it can then extort a ransom fee from victims. |
Symptoms | Files are encrypted and renamed with .id[1E957G00-2675].[yuzhou13@tutanota.com].chinz extensions. Ransom message extorts a payment for files recovery. |
Distribution Method | Spam Emails, Email Attachments, Corrupted Software Installers, Hacked Websites |
Data Recovery Tool | Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive. |
Chinz Virus Files (Phobos Ransomware) – How Did I Get It and What Does It Do?
Chinz ransomware is a cryptovirus based on the code of the Phobos ransomware. Its attack campaigns rely on distribution techniques that deliver malicious files to target operating systems. Such techniques are malspam, corrupted software installers, torrent files, fake software update notifications and hacked websites.
Malspam is highly likely to be the main spread channel. Malspam refers to spam email messages that attempt to deliver malicious software to computer systems. These emails have a few common traits. They often pose as representatives of well-known companies. They contain a file attachment or a clickable URL address, or both. Their text often requires immediate action.
Once the Chinz Phobos ransomware payload is loaded on a target system, it starts a complex attack that passes through a few stages. During the attack, Chinz virus applies many malicious modifications that enable it to misuse system processes for privilege escalation and to set malicious files to execute automatically. It is also able to activate a built-in cipher module to complete a sophisticated data encryption process.
During the data encryption stage, Chinz virus scans all system drives for target files and encodes them with a strong cipher algorithm. Among the types of files corrupted by Chinz ransomware may be:
→ .sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt
Unfortunately, the encryption process restricts access to the corrupted files. Files encrypted by this Phobos ransomware strain can be recognized by a specific sequence of extensions that ends with .chinz. For example, the file photo.jpg appears as photo.jpg.id[1E957G00-2675].[yuzhou13@tutanota.com].chinz.
After the completion of all malicious modifications and data corruption, the ransomware creates two ransom messages that it displays on the screen. The ransom messages dropped by Chinz virus aim to convince you that you need to pay the hackers a ransom fee so that you can decrypt .chinz files.
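The renaming scheme above is enough to scope an infection from a plain file listing. The following Python sketch is an added example, not code from the ransomware or from this guide: it parses names of the form shown in the text, collects the victim ID and contact address, and separates out files that carry the .chinz suffix without the full scheme. The sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Naming scheme from the text: <original>.id[<ID>].[<e-mail>].chinz
RENAMED = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[0-9A-Z]+-[0-9A-Z]+)\]"
    r"\.\[(?P<contact>[^\[\]\s]+@[^\[\]\s]+)\]\.chinz$", re.IGNORECASE)

def parse_renamed(path):
    """Split one renamed file into its parts; None if the name does not fit."""
    m = RENAMED.match(PureWindowsPath(path).name)   # accepts \ and / separators
    if m is None:
        return None
    return {
        "path": str(path),
        "original": m["original"],
        "original_ext": PureWindowsPath(m["original"]).suffix.lower(),
        "victim_id": m["victim_id"].upper(),
        "contact": m["contact"].lower(),
    }

def inventory(paths):
    """Scope an incident from a file listing (for example a saved `dir /s /b`)."""
    hits, odd = [], []
    for path in paths:
        rec = parse_renamed(path)
        if rec:
            hits.append(rec)
        elif str(path).lower().endswith(".chinz"):
            odd.append(str(path))          # .chinz suffix, but not the full scheme
    return {
        "encrypted": hits,
        "unmatched_chinz": odd,
        "victim_ids": sorted({r["victim_id"] for r in hits}),
        "contacts": sorted({r["contact"] for r in hits}),
        "by_type": Counter(r["original_ext"] for r in hits),
    }

# Constructed sample listing; only the naming pattern itself comes from the article.
SAMPLE = [
    r"C:\Users\demo\Pictures\photo.jpg.id[1E957G00-2675].[yuzhou13@tutanota.com].chinz",
    r"C:\Users\demo\Documents\budget.xlsx.id[1E957G00-2675].[yuzhou13@tutanota.com].chinz",
    r"D:\share\README.id[1E957G00-2675].[yuzhou13@tutanota.com].chinz",
    r"D:\share\archive.chinz",
]

if __name__ == "__main__":
    print(inventory(SAMPLE))
```

The script only reads names and never renames or touches the files, so it can be run against a listing taken from a backup copy of the affected drive.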
Here is the text shown by these messages:
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail yuzhou13@tutanota.com
Write this ID in the title of your message 1E857D00-2875
In case of no answer in 24 hours write us to this e-mail:kaidrake@cock.li
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
And:
!!!All of your files are encrypted!!!
To decrypt them send e-mail to this address: yuzhou13@tutanota.com.
If we don’t answer in 24h., send e-mail to this address: kaidrake@cock.li
We know that you need to restore .chinz files but we strongly advise you to refrain from transferring money to cybercriminals. For the sake of your security, we recommend that you clean malicious files from the infected system, back up encrypted files and consider the help of alternative data recovery methods.
Remove Chinz Virus (Phobos Ransomware) and Restore Data
The so-called Chinz virus is a threat with highly complex code that heavily damages both essential system settings and valuable files. The only way to use your infected computer system securely is to remove all malicious files and objects created by the ransomware. For this purpose, you should complete a specific removal process. The ransomware removal guide that follows shows how to clean the virus from the system, both manually and automatically. If you don’t feel comfortable with the manual steps, it is better to download the presented advanced anti-malware tool, as it will do the job for you.
If you want to attempt to restore .chinz files, check step five, “Try to Restore files encrypted by Chinz Ransomware”, which covers reliable alternative data recovery methods. We remind you that copies of all encrypted files should be kept on an external drive. This measure will prevent their loss.
- Guide 1: How to Remove Chinz Ransomware from Windows.
- Guide 2: Get rid of Chinz Ransomware from Mac OS X.
- Guide 3: Remove Chinz Ransomware from Google Chrome.
- Guide 4: Erase Chinz Ransomware from Mozilla Firefox.
- Guide 5: Uninstall Chinz Ransomware from Microsoft Edge.
- Guide 6: Remove Chinz Ransomware from Safari.
- Guide 7: Eliminate Chinz Ransomware from Internet Explorer.
How to Remove Chinz Ransomware from Windows.
Step 1: Boot Your PC In Safe Mode to isolate and remove Chinz Ransomware





Step 2: Uninstall Chinz Ransomware and related software from Windows
Here is a method in a few easy steps that should be able to uninstall most programs. Whether you are using Windows 10, 8, 7, Vista or XP, these steps will get the job done. Dragging the program or its folder to the recycle bin can be a very bad decision. If you do that, bits and pieces of the program are left behind, and that can lead to an unstable PC, errors with file type associations and other unpleasant side effects. The proper way to get a program off your computer is to uninstall it. To do that:



Step 3: Clean any registry entries created by Chinz Ransomware on your computer.
The registry keys usually targeted on Windows machines are the following:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
You can access them by opening the Windows registry editor and deleting any values created by Chinz Ransomware there. To do so, follow the steps underneath:
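Before deleting anything, it helps to list what those four keys actually start. The Python sketch below is an added example, not part of the original guide: it parses saved `reg query` output for the keys listed above and marks values whose program sits in a user-writable folder. That folder check is a generic triage heuristic assumed here, not a Chinz-specific indicator, and the sample output, value names and paths are constructed.

```python
import re

# The four autostart keys listed in the article.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runonce",
    r"hkey_current_user\software\microsoft\windows\currentversion\runonce",
}
VALUE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")
# Generic triage heuristic (an assumption, not a Chinz indicator): user-writable folders.
WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\",
            "%appdata%", "%localappdata%", "%temp%")

def target_of(command):
    """Return the program path from a Run value, with or without quotes."""
    m = re.match(r'^"([^"]+)"', command) or re.match(
        r"^(.+?\.(?:exe|com|bat|cmd|scr|vbs|js|ps1))(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def review_autostart(reg_query_text):
    """Parse saved `reg query` output and list every autostart value for review."""
    key, rows = None, []
    for line in reg_query_text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE.match(line)
        if m and key and key.lower() in RUN_KEYS:
            target = target_of(m["data"].strip())
            rows.append({
                "key": key, "name": m["name"], "target": target,
                "user_writable": any(w in target.lower() for w in WRITABLE),
            })
    return rows

# Constructed `reg query` output; value names and paths are invented for the example.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Example Service    REG_EXPAND_SZ    %windir%\system32\example_svc.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Example Updater    REG_SZ    "C:\Users\demo\AppData\Local\example_updater.exe" -s
    Backup Agent    REG_SZ    C:\Program Files\Backup Agent\agent.exe /tray
"""

if __name__ == "__main__":
    for row in review_autostart(SAMPLE):
        print(row)
```

Legitimate software also starts from AppData, so a marked entry is a lead to check against the file on disk, not a verdict.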



Before starting "Step 4", please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.
Get rid of Chinz Ransomware from Mac OS X.
Step 1: Uninstall Chinz Ransomware and remove related files and objects
1. Hit the ⇧+⌘+U keys to open Utilities. Another way is to click on “Go” and then click “Utilities”.
- Go to Finder.
- In the search bar type the name of the app that you want to remove.
- Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
- If all of the files are related, press ⌘+A to select them and then drag them to “Trash”.
In case you cannot remove Chinz Ransomware via Step 1 above:
In case you cannot find the virus files and objects in your Applications or other places we have shown above, you can manually look for them in the Libraries of your Mac. But before doing this, please read the disclaimer below:
You can repeat the same procedure with the following other Library directories:
→ ~/Library/LaunchAgents
/Library/LaunchDaemons
Tip: ~ is there on purpose, because it leads to more LaunchAgents.
Step 2: Scan for and remove Chinz Ransomware files from your Mac
When you are facing problems on your Mac as a result of unwanted scripts and programs such as Chinz Ransomware, the recommended way of eliminating the threat is by using an anti-malware program. SpyHunter for Mac offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.
Remove Chinz Ransomware from Google Chrome.
Step 1: Start Google Chrome and open the drop menu
Step 2: Move the cursor over "Tools" and then from the extended menu choose "Extensions"
Step 3: From the opened "Extensions" menu locate the unwanted extension and click on its "Remove" button.
Step 4: After the extension is removed, restart Google Chrome by closing it from the red "X" button at the top right corner and start it again.
Erase Chinz Ransomware from Mozilla Firefox.
Step 1: Start Mozilla Firefox. Open the menu window
Step 2: Select the "Add-ons" icon from the menu.
Step 3: Select the unwanted extension and click "Remove"
Step 4: After the extension is removed, restart Mozilla Firefox by closing it from the red "X" button at the top right corner and start it again.
Uninstall Chinz Ransomware from Microsoft Edge.
Step 1: Start Edge browser.
Step 2: Open the drop menu by clicking on the icon at the top right corner.
Step 3: From the drop menu select "Extensions".
Step 4: Choose the suspected malicious extension you want to remove and then click on the gear icon.
Step 5: Remove the malicious extension by scrolling down and then clicking on Uninstall.
Remove Chinz Ransomware from Safari.
Step 1: Start the Safari app.
Step 2: After hovering your mouse cursor to the top of the screen, click on the Safari text to open its drop down menu.
Step 3: From the menu, click on "Preferences".
Step 4: After that, select the 'Extensions' Tab.
Step 5: Click once on the extension you want to remove.
Step 6: Click 'Uninstall'.
A pop-up window will appear asking for confirmation to uninstall the extension. Select 'Uninstall' again, and the Chinz Ransomware will be removed.
Eliminate Chinz Ransomware from Internet Explorer.
Step 1: Start Internet Explorer.
Step 2: Click on the gear icon labeled 'Tools' to open the drop menu and select 'Manage Add-ons'
Step 3: In the 'Manage Add-ons' window.
Step 4: Select the extension you want to remove and then click 'Disable'. A pop-up window will appear to inform you that you are about to disable the selected extension, and some more add-ons might be disabled as well. Leave all the boxes checked, and click 'Disable'.
Step 5: After the unwanted extension has been removed, restart Internet Explorer by closing it from the red 'X' button located at the top right corner and start it again.