A ransomware computer virus, carrying the ironical name CA$HOUT has been detected by security researchers. CA$HOUT’s end goal is to get the victim of the infected computer to pay $100 in order to get his files restored back to their original state and become accessible once more. The virus uses encryption mode to make the files not openable to reach this end goal. Read this article if you have become a victim of the CA$HOUT ransom virus.
|Short Description||Appends encryption on the documents, photos, audio files, archives and other data on the infected computer.|
|Symptoms||Drops a lockscreen, named “CA$HOUT”. It aims to scare the victim off into paying $100 to get his files restored back to their original state.|
|Distribution Method||Spam Emails, Email Attachments, Executable files|
|Detection Tool|| See If Your System Has Been Affected by CA$HOUT |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss CA$HOUT.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
How Is CA$HOUT Ransomware Spread
CA$HOUT ransomware virus is programmed to infect while remaining undetected. It can be prevented, however. Ransomware threats, like this often tend to use e-mail spam messages to spread. This is the convincing e-mail from PayPal that there is suspicious activity on your e-mail account, the e-mail from your bank, from eBay or any other institutions. Usually, those e-mails have malicious objects embedded in them. These objects are either malicious files or malicious web links. Sometimes the cyber-criminals use archives to mask the malicious files, so that they cannot be detected, for example:
Other methods by which CA$HOUT ransomware virus may have infected your computer system are to spread the virus via torrent websites or websites that are suspicious. The malware may come as fake updates, activation programs, like cracks and other such software. It can also automatically infect your computer if you have other, malware on it, like a Trojan Horse, for example.
CA$HOUT Ransomware – More Information
As soon as you become infected by CA$HOUT ransomware, the virus may connect to a distribution server and download the malicious files of the virus. The payload of CA$HOUT ransomware consists of the following files:
These files may be located anywhere on the %SystemDrive% of your computer. One of them is the file which encrypts your important data and the other is the lockscreen of CA$HOUT Ransomware which aims to convince you into paying $100. The lockscreen looks like the following:
In addition to this, CA$HOUT ransomware may also create multiple Windows registry entries on your computer. They are basically value strings added in sub-keys of the Windows Registry Editor. These sub-keys are usually the following:
These keys are primarily targeted and in them, CA$HOUT may have value strings with data in them that points out to the actual location of the malicious virus file responsible for encrypting your data.
How Does CA$HOUT Encrypt Files
Similar to many other file-encryption viruses, CA$HOUT replaces segments of data from original files with data from the encryption algorithm it uses which is presently unknown. From there, the virus begins to perform multiple different activities that generate a unique decryption key. This key is sent to the cyber-criminals, making them the only ones possible to decode the files directly. However, no matter how dire the situation is, security experts do not advise paying the ones, who are infecting with CA$HOUT ransomware, because:
- You support criminal activity.
- It is no guarantee you will get your files back.
CA$HOUT ransomware may encrypt the files with the following file extensions if it detects them on your computer:
“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG” Source:fileinfo.com
Remove CA$HOUT andyou’re your Data Back
In order to remove CA$HOUT ransomware we advise you to follow the removal instructions below. They are specifically designed to help you delete the files by isolating the virus in Safe Mode. However, tampering with malicious files may be risky if you lack the experience. This is the main reason why experts advise that a ransomware-specific removal scanner should be sought out to delete the virus files automatically.