Chch Ransomware
The Chch Ransomware is a file-locking Trojan that takes your pictures, music, documents, databases, and other media hostage by encrypting them. The attack keeps files from opening and adds a cosmetic extension to their names, and the Trojan monetizes it through a ransom note. Users can back up their work for secure recovery and depend on appropriate anti-malware solutions for removing the Chch Ransomware.
More File-Ransoming Problems for Windows Machines
What could be a variant of the GarrantyDecrypt Ransomware is getting caught and analyzed in threat databases as of early December. Many of this new Trojan's symptoms are generic, and the Chch Ransomware has many possible sources of lineage, including the option of being a totally independent programming project. Whatever the software's history, it includes all of the features that typically indicate a program built for blocking files and extorting money out of its victims, such as the owner of an average, non-secured server or business network.
Multiple AV vendors are identifying the Chch Ransomware as a possible variant of the GarrantyDecrypt Ransomware, but its payload bears a resemblance to countless other Trojans. The core features that malware researchers confirm include:
- The Chch Ransomware uses encryption to stop the user's media from opening, such as JPGs, documents like PDFs or DOCs, and spreadsheets like XLSXs. Some samples of the Chch Ransomware may target a 'test' folder instead of the rest of the PC, although changing the targeted directories is trivial.
- The Chch Ransomware marks each locked file's name with the 'chch' extension but doesn't remove the preexisting one (for instance, 'image.bmp' would become 'image.bmp.chch'). This feature is commonplace in file-locking Trojans.
- The Chch Ransomware creates an English-language text message with simple ransom demands: it recommends contacting a provided e-mail address and gives the victim an ID for the negotiations. Ultimately, paying such ransoms may or may not offer any decryption or file-unlocking service to the buyer. Users should be especially cautious about cryptocurrency payments due to their refunding limitations.
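The renaming pattern in the second item above gives responders a simple triage signal. The following Python sketch is an added example, not code from the original article or from any security vendor: it walks a directory tree, counts files matching '<name>.<ext>.chch' per folder and per original file type, and reports the earliest modification time among them to help pick a backup restore point. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".chch"  # extension the article says is appended to locked files


def original_name(path):
    """Return the pre-encryption name if path looks like '<name>.<ext>.chch'."""
    if path.suffix.lower() != MARKER:
        return None
    inner = path.with_suffix("")  # strip only the appended marker
    # Require a preserved original extension, as in 'image.bmp.chch';
    # a bare 'notes.chch' is skipped to limit false positives.
    return inner.name if inner.suffix else None


def triage(root):
    """Walk root and summarise files carrying the appended marker."""
    hits, by_dir, by_type = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            orig = original_name(p)
            if orig is None:
                continue
            hits.append((p.stat().st_mtime, p))
            by_dir[dirpath] += 1
            by_type[Path(orig).suffix.lower()] += 1
    hits.sort()  # oldest first: approximates when the encryption run began
    return {"count": len(hits),
            "first_seen": hits[0][0] if hits else None,
            "by_dir": by_dir, "by_type": by_type,
            "paths": [p for _, p in hits]}


def build_sample(root):
    """Create a constructed sample tree: empty files with fixed mtimes."""
    files = {"docs/report.pdf.chch": 1000, "docs/sheet.xlsx.chch": 1005,
             "pics/image.bmp.chch": 1010, "pics/clean.jpg": 900,
             "notes.chch": 950}
    for rel, mtime in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()
        os.utime(p, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Run it read-only against a mounted copy of the affected volume rather than the live system, since opening files on the original disk can alter timestamps the summary relies on.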
A Guarantee of Safety against a GarrantyDecrypt Ransomware Child
Assuming that the Chch Ransomware is a variant of the GarrantyDecrypt Ransomware, the prospects for unlocking any files for free are not very hopeful. Users should secure their backups on appropriate, secondary devices and drives in all cases, and remain aware of the danger of cryptographic attacks against digital media. In rare cases, even network-attached storage or NAS devices are at risk.
While malware analysts confirm that the Chch Ransomware is a 32-bit Windows program, little data is available on which more specific targets it could prefer for victimizing files. Some file-locker Trojans, such as the STOP Ransomware family, use brute-force attacks against weakly-secured servers or even torrents. Others will employ Exploit Kits running through the victim's browser or e-mail phishing tactics. Responsible password management and careful Web-browsing habits, especially concerning interactions with scripts and macros, will keep the threat from these infection vectors minimal.
Detection rates for the Chch Ransomware among relevant security products aren't entirely universal. However, most products will flag and delete the Chch Ransomware appropriately and, by doing so, prevent the file-damaging attacks.
The Chch Ransomware could be a representative stand-in for nearly every file-locking Trojan sending out ransoms on Windows computers as of the past few years. What its existence best proves is that there's still money to make out of taking advantage of users without backups – which is why everyone should have at least one.