A ransomware virus that closely resembles TeslaCrypt and Locky, called Ransomcuck, has been reported to lock affected users' files using the AES and RSA encryption algorithms. The virus uses the .ransomcuck and .cuck file extensions after it enciphers the files of an infected computer. It then leaves several ransom notes, and users who have become victims of this virus are strongly advised not to pay any money requested by the cyber-criminals in those notes. Since this is a very devastating threat at the moment, we strongly advise removing it and trying to decrypt the encrypted files using the alternative methods in this article until an actual decryptor is released.
|Short Description||The ransomware seeks to encrypt files that are often used. You are given a deadline to pay, otherwise the price rises.|
|Symptoms||The ransomware encrypts files, changing their extensions to .cuck or .ransomcuck. It then displays a ransom note as the desktop wallpaper and in a pop-up window on your desktop.|
|Distribution Method||Spam e-mails, file sharing networks, executable files|
|User Experience||Subscribe to our forum to discuss Ransomcuck.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
Ransomcuck Virus – How Does It Infect
To conduct an attack, Ransomcuck's malicious payload needs to be dropped on the targeted computer. This can happen in two main ways: via a malicious file that is disguised to trick users into opening it, or via a malicious URL that may cause automatic download and execution on the victim PC.
Whatever the case may be, the virus may be spread via spam e-mail messages that may contain either the URLs or the malicious attachments. The spam is sent out in bulk to a pre-programmed list of e-mail addresses, and the messages containing the malicious files may vary. For example, one spam message may claim that the user has paid for an order and provide an “Invoice” which could be the malicious file. But there may also be messages saying the user has been added as a friend on Facebook, with a fake “See More” button that, instead of leading to Facebook, may transfer the user to a malicious web link that can cause the infection.
Ransomcuck Ransomware In Detail
Once Ransomcuck has been executed on your computer, it may directly drop and execute its files without any permission and without you noticing. The malicious files may be more than just one .exe file, and they may be located in the following key Windows folders:
The malicious files of Ransomcuck may have different names, for example:
Once the Ransomcuck virus is on your computer, it may also attack the Run and RunOnce registry keys, creating value strings with the location of the file encryptor and the ransom notes, so that they are executed every time you start Windows.
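A read-only audit of the autostart locations described above, as an added example (not from the original article or from any vendor tool): it lists Run and RunOnce values that reference the ransom-note names this article reports or that launch from user-writable folders. The note-name pattern and the folder list are assumptions chosen for illustration.

```powershell
# Added example: read-only audit of Run/RunOnce autostart values.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: note names as reported in this article (whitespace tolerated).
$notePattern = 'How_to_Recover_\s*Files\.(html|txt)'
# Assumption: user-writable roots are a heuristic, not a verdict.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC) |
    Where-Object { $_ }

function Get-SuspiciousAutostart {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw string, then expand %VARS% ourselves for matching.
            $data = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $expanded = [Environment]::ExpandEnvironmentVariables($data)
            $reasons = @()
            if ($expanded -match $notePattern) { $reasons += 'ransom note name' }
            foreach ($root in $userWritable) {
                $hit = $expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase)
                if ($hit -ge 0) { $reasons += 'user-writable path'; break }
            }
            if ($reasons) {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $name
                    Data    = $data
                    Reasons = $reasons -join ', '
                }
            }
        }
    }
}

Get-SuspiciousAutostart | Format-List
```

Legitimate software also starts from user-profile folders, so each hit needs review before the value is deleted.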
After the primary encryption module of the Ransomcuck malware infection has been executed, the virus may look for a variety of file types to encrypt. It looks primarily for files that are important and often used, such as:
- Files associated with frequently used programs, such as Photoshop, for example.
The Ransomcuck virus is very clever in its actions: it skips important Windows folders instead of encrypting the files in them, because that may damage your operating system.
After encrypting the files of its victims, the Ransomcuck virus appends the .cuck or .ransomcuck file extension to the file names. Files encrypted by this ransomware look like the following and cannot be opened by any software:
This is because the Ransomcuck virus uses two of the strongest encryption algorithms out there to scramble the structure code of the files – the AES (Advanced Encryption Standard) and RSA (Rivest-Shamir-Adleman) ciphers. The AES cipher is used for one purpose only: to encrypt the files themselves, generating a unique decryption key. This decryption key is then saved and encrypted with the RSA algorithm, and this information is sent via either TCP or UDP traffic to the servers of the cyber-criminals, making them the only ones able to decrypt the files.
After encryption, the virus leaves two files behind on the %Desktop%:
- How_to_Recover_ Files.html
- How_to_Recover_ Files.txt
The files are reported to contain the following ransom note:
Ransomcuck Virus – Conclusion, Removal, and File Recovery Alternatives
Malware researchers believe that this virus has been created by the same coder who was behind the DetoxCrypto virus. Since the researchers are constantly working and on the lookout for a free decryption method, it is NOT advisable to pay any ransom money to the criminals who are behind this virus. Instead, we advise you to remove it using the instructions below and to try alternative methods to decrypt your files. Bear in mind that for maximum effectiveness while removing Ransomcuck, experts recommend an advanced anti-malware program. Some alternative techniques can be found in step “3. Restore files encrypted by Ransomcuck” below. These temporary solutions may not be as effective as the actual decryption key, but they are a good method while you wait for a free decryptor to be released. We suggest that you check this article often, since we are going to update it as soon as there is a free decryptor available.