Corpseworm Ransomware


Written by Tomas Meskauskas on 07 November 2019

Corpseworm ransomware removal instructions

What is Corpseworm?

Credit for discovering Corpseworm belongs to Alex Svirid. This malicious software is a variant of Cryakl ransomware, designed to encrypt data and demand a ransom for its decryption. During the encryption process, all affected files are appended with “[CS 1.7.0.1]”, the developers’ email address and an extension consisting of a random string of characters (“[CS 1.7.0.1][[email protected]].[random_string]”).

For example, a file like “1.jpg” would appear as something similar to “1.jpg[CS 1.7.0.1][[email protected]].zyk”, and so forth for all of the compromised files.

After this process is complete, a text file, “README.txt”, is created on the victim’s desktop. The text file informs users that, if they wish to decrypt their data, they are to write to the email address provided or establish contact through the Telegram messaging application.
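The rename pattern and ransom note described above can be used to scope which directories on a host or file share were hit. The following Python script is an added example, not part of the original article; the e-mail address and extensions in its sample data are constructed, and it assumes the e-mail field is arbitrary bracketed text, the random extension is alphanumeric, and other builds keep the “CS” plus dotted-version tag.

```python
import os
import re
import tempfile
from collections import Counter

# Shape described on the page: <original name>[CS 1.7.0.1][<email>].<random_string>
# Assumptions: the e-mail field is any bracketed text (the page's address is
# obfuscated) and the random extension is alphanumeric.
RENAMED = re.compile(
    r"^(?P<original>.+)\[CS (?P<version>\d+(?:\.\d+)*)\]"
    r"\[(?P<contact>[^\[\]]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)

def parse_renamed(filename):
    """Return the fields of a Corpseworm-style name, or None if it does not match."""
    m = RENAMED.match(filename)
    return m.groupdict() if m else None

def scan(root):
    """Walk root; return (hits, per-directory counts, directories holding README.txt)."""
    hits, per_dir, notes = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        # README.txt is a common file name: treat it as corroborating evidence only.
        if "README.txt" in files:
            notes.append(dirpath)
        for name in files:
            fields = parse_renamed(name)
            if fields:
                hits.append((os.path.join(dirpath, name), fields))
                per_dir[dirpath] += 1
    return hits, per_dir, notes

def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.mkdir(docs)
        names = [
            "1.jpg[CS 1.7.0.1][contact@example.invalid].zyk",        # constructed
            "report.docx[CS 1.7.0.1][contact@example.invalid].q7a",  # constructed
            "notes[CS draft].txt",  # benign look-alike, must not match
            "README.txt",
        ]
        for n in names:
            open(os.path.join(docs, n), "w").close()
        hits, per_dir, notes = scan(root)
        return sorted(f["original"] for _p, f in hits), per_dir[docs], len(notes)

if __name__ == "__main__":
    print(demo())
```

The recovered `original` names are useful for matching affected files against a backup catalogue, since the page notes that restoring from backup is the only recovery path.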

Communicating with cyber criminals and/or meeting their demands is expressly advised against. In most ransomware infection cases, despite paying, victims do not receive the promised decryption tools/keys (thereby leaving their files encrypted and worthless).

After analyzing a sample, the encryption tool used for Corpseworm infection was found to be manual. In other words, the encryption process was not automated and had to be performed by hand. Therefore, there’s a high probability that the criminals behind Corpseworm hijack computers and encrypt data manually. This method is very time consuming and ineffective when victimizing regular home users. Hence, this technique is more prevalent in infections targeting large servers of various companies.

The encryption tool itself does not have a decryption function, meaning that, if the cyber criminals do not possess software capable of breaking the encryption, they cannot restore the encrypted files. Removing Corpseworm will not revert the affected data to its original state. However, removal will prevent it from encrypting further files. The only possible solution is restoring the compromised files from a backup, provided one was made prior to the infection and stored separately.

[Screenshot of a message encouraging users to pay a ransom to decrypt their compromised data]

GodLock, Toec and CYBORG are a few examples of ransomware similar to Corpseworm.

Nearly all malicious software of this type encrypts data and keeps it locked until a ransom is paid. Key differences include the cryptographic algorithm they use (symmetric or asymmetric) and the ransom size. These payments usually range between three-digit and four-digit sums. Cyber criminals tend to prefer digital currencies (e.g. cryptocurrencies, pre-paid vouchers, etc.), as such transactions are difficult/impossible to trace. Unless a ransomware is still in development and/or has certain weaknesses/flaws, decrypting files with third-party software is impossible. To ensure data safety, backups should be kept on remote servers and/or unplugged storage devices. Ideally, several backup copies should be stored in different locations.

How did ransomware infect my computer?

Ransomware and other malware are most commonly spread via trojans, spam campaigns, untrustworthy download channels, fake software updaters and “cracking” (activation) tools. Trojans are a type of malware primarily designed to cause chain infections (i.e. download/install other malicious programs). Massive-scale spam campaigns are used to send out deceptive emails with infectious attachments (or web links leading to such). These emails are usually presented as “official”, “important”, “urgent” or otherwise marked as priority mail. The attached files come in various formats (e.g. archive and executable files, PDF and Microsoft Office documents, JavaScript, etc.); once opened, they begin downloading/installing malware.

Untrustworthy download sources include: unofficial and free file-hosting sites, P2P sharing networks (BitTorrent, eMule, Gnutella, etc.) and other third party downloaders.

Unreliable channels are far more likely to offer deceptive and/or bundled content for downloading. Fake updaters abuse weaknesses in outdated software and/or simply install malware rather than updates. Program “cracking” tools infect systems similarly, by downloading/installing malware instead of activating the licensed product.
