
CryptConsole v3 Ransomware

Posted: June 26, 2018

Threat Metric

Threat Level: 10/10
Infected PCs: 1,906
First Seen: February 27, 2015
Last Seen: April 11, 2022
OS(es) Affected: Windows

The CryptConsole v3 Ransomware is an update of the CryptConsole Ransomware, a Trojan that only pretended to encrypt files: it renamed them and left their contents intact. This version adds a genuine data-locking feature, and victims of its attacks should seek decryption assistance from reputable members of the cyber-security industry. Maintain strong network login security (above all for remote-access services such as RDP) and scan all new files with anti-malware software, both to block the usual infection methods and to delete the CryptConsole v3 Ransomware before it damages any files.

The Console Gets an Update that the Public Should Dread

The CryptConsole Ransomware family, a minor copycat of the Globe Ransomware, was initially notable for lying about its payload: it presented all the appearances of a file-locking Trojan without actually encrypting any data. Victims of those early attacks could recover their files with a freeware application or simply by renaming them. Its threat actors have not abandoned the project, however, and the new version, the CryptConsole v3 Ransomware, uses real file-locking techniques.

The CryptConsole v3 Ransomware's executable circulates under a fake 'Microsoft Updater' label and includes some obfuscation intended to hide it from security solutions. The threat encrypts media files, such as documents, using an algorithm such as AES-256, XOR or RSA; the exact cipher has not been confirmed for every sample. A bracketed hexadecimal string and the e-mail address the threat actor uses for ransom negotiations, both appended to the file name, are further symptoms of a 'locked' file.

While previous releases delivered more elaborate Web page-based messages, the CryptConsole v3 Ransomware switches to a plain-text (.txt) ransom note that opens in Notepad. The instructions are a clone of those from other file-locker Trojans' campaigns, with an updated ransom amount (fifty USD) and a new e-mail address for further details. As a rule, malware analysts suggest seeking decryption help from appropriate industry experts before considering any payment to the criminals, and even then only if no other way of recovering the encrypted media exists.

Keeping Your Media from Getting the Wrong Console Experience

Although it is not impossible that a fake Microsoft update file circulates via spam e-mails, malware experts consider it most likely that the CryptConsole v3 Ransomware's campaign relies on brute-force or RDP-based infection vectors. Such attacks exploit weak password management to gain remote control over vulnerable PCs and then run file-locking Trojans like the CryptConsole v3 Ransomware against the locally stored media. Despite its obfuscation, most anti-malware programs detect the CryptConsole v3 Ransomware and should block the Trojan before it encrypts anything in other installation scenarios; in an RDP intrusion, however, the attacker already holds an interactive session and can attempt to disable endpoint protection first, which is why the login hardening matters most.

Free decryption software is available for the CryptConsole v3 Ransomware, but users should make copies of the encrypted files before testing the program's compatibility with them, since an incompatible decryptor can corrupt the data it processes. Non-local (offline or off-site) backups also remain the best strategy for protecting documents, spreadsheets and other media from file-locking Trojans of all families, whose attacks are not always decryptable. The CryptConsole v3 Ransomware has no self-distribution features; removing it should still rely on a complete system scan by an anti-malware product that can also identify any other security issues left behind by the same intrusion.

Glancing at the CryptConsole v3 Ransomware's note and assuming that it tells you which decryption application to use can be a quick path to damaging your files beyond restoration. Ransom notes are routinely copied between families, so the note alone does not identify the encryption in use; the very nature of the threatening software industry makes trusting your eyes a bad idea when dealing with infections that have significant side effects.
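A triage script for files that carry the naming markers described above, added here as an example; it is not code from this page or from the ransomware's analysts. It assumes that a 'locked' file's name contains both an e-mail address and a bracketed hexadecimal string, in either order; because the page does not spell out the exact layout, the two patterns are a reconstruction to be tuned against a real sample. The script separates files that were merely renamed (the header of the original format is still present, so a copy under the restored name is enough, as with the family's first releases) from files whose contents are high-entropy and therefore probably encrypted, and it copies rather than renames, so the originals stay untouched for a decryptor. The sample files it builds are constructed for the demonstration.

```python
"""Triage files carrying CryptConsole-style name markers (added example)."""
import math
import os
import re
import shutil
import tempfile
from dataclasses import dataclass
from typing import Dict, Optional

# ASSUMPTION: the write-up only says a locked file carries an e-mail address
# and a bracketed hex string; the exact layout differs per build, so these
# patterns are a reconstruction to tune against a real sample.
EMAIL_RE = re.compile(r"[ _.-]*[\w+-]+@[\w-]+(?:\.[\w-]+)+")
HEXTAG_RE = re.compile(r"[ _.-]*\[[0-9A-Fa-f]{8,}\]")

# Well-known headers. A 'locked' file that still starts with one of these was
# renamed, not encrypted (the behaviour of the family's first releases).
MAGIC = {
    b"%PDF": "pdf",
    b"\x89PNG": "png",
    b"PK\x03\x04": "zip/ooxml",
    b"\xff\xd8\xff": "jpeg",
    b"\xd0\xcf\x11\xe0": "ole2 (doc/xls)",
}
HIGH_ENTROPY = 7.0  # bits per byte; ciphertext sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def strip_markers(name: str) -> Optional[str]:
    """Return the original file name if both markers are present, else None."""
    if not (EMAIL_RE.search(name) and HEXTAG_RE.search(name)):
        return None
    restored = HEXTAG_RE.sub("", EMAIL_RE.sub("", name, count=1), count=1)
    return restored.rstrip(" _.-") or None


@dataclass
class Triage:
    path: str
    original_name: Optional[str]
    header_type: Optional[str]
    entropy: float
    verdict: str  # no_marker | renamed_only | likely_encrypted | unknown


def triage_file(path: str, sample_size: int = 4096) -> Triage:
    """Classify one file from its name markers, header bytes and entropy."""
    original = strip_markers(os.path.basename(path))
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    header_type = next((t for m, t in MAGIC.items() if head.startswith(m)), None)
    ent = shannon_entropy(head)
    if original is None:
        verdict = "no_marker"
    elif header_type is not None:
        verdict = "renamed_only"  # contents intact: a renamed copy suffices
    elif ent >= HIGH_ENTROPY:
        verdict = "likely_encrypted"  # leave for the decryptor or backups
    else:
        verdict = "unknown"  # unrecognised format, inspect by hand
    return Triage(path, original, header_type, ent, verdict)


def copy_with_original_name(path: str, recovery_dir: str) -> Optional[str]:
    """Copy (never rename in place) a renamed-only file under its old name."""
    t = triage_file(path)
    if t.verdict != "renamed_only":
        return None
    os.makedirs(recovery_dir, exist_ok=True)
    dest = os.path.join(recovery_dir, t.original_name)
    shutil.copy2(path, dest)
    return dest


def build_demo_dir() -> Dict[str, str]:
    """Constructed sample files (not real victim data) in a temp directory."""
    root = tempfile.mkdtemp(prefix="cryptconsole-triage-")
    samples = {
        "renamed": ("report.pdf.xzet@tutanota.com[0123ABCD]", b"%PDF-1.4\n" + b"x" * 100),
        # uniform byte distribution stands in for ciphertext (entropy 8.0)
        "encrypted": ("notes.txt[DEADBEEF01].xzet@tutanota.com", bytes(range(256)) * 16),
        "clean": ("plain.txt", b"hello"),
    }
    paths = {"root": root}
    for key, (name, content) in samples.items():
        paths[key] = os.path.join(root, name)
        with open(paths[key], "wb") as fh:
            fh.write(content)
    return paths


if __name__ == "__main__":
    demo = build_demo_dir()
    for key in ("renamed", "encrypted", "clean"):
        t = triage_file(demo[key])
        print(f"{os.path.basename(t.path)!r}: {t.verdict}, entropy={t.entropy:.2f}, restored={t.original_name}")
```

Run it against a copy of an affected directory; a "renamed_only" verdict means the file can be recovered with copy_with_original_name(), an "unknown" verdict means the format is not in the small MAGIC table and deserves a manual look, and only "likely_encrypted" files need the free decryptor, which should itself be tested on copies.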

Update

The 'xzet@tutanota.com' Ransomware is a variant of the CryptConsole v3 Ransomware, a family that has gained some popularity among cybercriminals in the past few months and has spawned several distinct variants, such as the Kurosaki_ichigo@tutanota.com Ransomware. This newest variant includes no major functional improvements, which means, thankfully, that the 'xzet@tutanota.com' Ransomware is likely decryptable with the free decryptor available for the main CryptConsole v3 Ransomware.

Since the 'xzet@tutanota.com' Ransomware is not widely spread, there is no accurate information on the propagation techniques used to distribute it. Fake e-mail messages are one of the most common ways to propagate ransomware, but the authors of the 'xzet@tutanota.com' Ransomware might also rely on alternatives such as fake downloads or attacks on vulnerable remote desktop software. Regardless of the infection vector, the 'xzet@tutanota.com' Ransomware always carries out the attack in the same way: it encrypts a broad range of file types and then offers the victim a decryptor in exchange for money.

The authors of the 'xzet@tutanota.com' Ransomware demand a ransom of 0.112 Bitcoin and deliver their message in a file called 'HOW DECRIPT FILES.hta' (the misspelling is the attackers' own). Consistent with the family's origins as a Globe copycat, the ransom note design is identical to the one used by the Globe Ransomware.

Although victims of the 'xzet@tutanota.com' Ransomware might be tempted to negotiate with the cybercriminals behind the attack, this is a bad idea: the anonymous operators are not to be trusted and may simply take the money without delivering a working decryptor. The correct course when dealing with the 'xzet@tutanota.com' Ransomware, or any other file-locker based on the CryptConsole v3 Ransomware, is to install and run a trustworthy anti-virus product that ensures the file-locker is fully removed, and only then to run the free CryptConsole decryptor (on copies of the encrypted files) to recover your data.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%SystemDrive%\Users\<username>\AppData\Roaming\HOW DECRIPT FILES.hta
    File name: HOW DECRIPT FILES.hta
    Size: 9.04 KB (9041 bytes)
    MD5: b916ea166673abba1a2927460bad933f
    Detection count: 1,658
    Mime Type: unknown/hta
    Path: %SystemDrive%\Users\<username>\AppData\Roaming
    Group: Malware file
    Last Updated: April 15, 2017

ad96a3712aa662ffb5fd4ded8edd4d1b
    File name: ad96a3712aa662ffb5fd4ded8edd4d1b
    Size: 26.62 KB (26624 bytes)
    MD5: ad96a3712aa662ffb5fd4ded8edd4d1b
    Detection count: 45
    Group: Malware file
    Last Updated: February 21, 2017

%ALLUSERSPROFILE%\HOW DECRIPT FILES.hta
    File name: HOW DECRIPT FILES.hta
    Size: 9.1 KB (9103 bytes)
    MD5: 251bc88dedd1399eba7fe0bb8a5a1fd6
    Detection count: 33
    Mime Type: unknown/hta
    Path: %ALLUSERSPROFILE%
    Group: Malware file
    Last Updated: March 2, 2017

%ALLUSERSPROFILE%\HOW DECRIPT FILES.hta
    File name: HOW DECRIPT FILES.hta
    Size: 9.07 KB (9077 bytes)
    MD5: d7b8230c9909a9cf4a21a3f55cd95318
    Detection count: 16
    Mime Type: unknown/hta
    Path: %ALLUSERSPROFILE%
    Group: Malware file
    Last Updated: March 2, 2017

dir\name.exe
    File name: name.exe
    Size: 7.68 KB (7680 bytes)
    MD5: 1c240d1a748471b20047dbd94c2e6b9d
    Detection count: 5
    File type: Executable File
    Mime Type: unknown/exe
    Path: dir
    Group: Malware file
    Last Updated: April 11, 2022
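A host sweep for the indicators in the file list above, added here as an example rather than code from this page or from any vendor tool. It walks the two recorded drop locations (every user's AppData\Roaming profile and %ALLUSERSPROFILE%), hashes only files whose size matches a listed artifact or whose name is the ransom note, and reports each match with the reason. MD5 is used because that is what the database records; since MD5 collisions are practical, a hash hit is a lead to confirm, not proof on its own. The demo directory and its file contents are constructed for an offline run, and default_roots() is the assumed entry point for a real Windows host.

```python
"""Sweep a host for the artifacts listed under Technical Details (added example)."""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Hashes and sizes copied from the file list on this page. MD5 is what the
# database records; treat a hit as a lead to verify, not as proof.
KNOWN_MD5: Set[str] = {
    "b916ea166673abba1a2927460bad933f",  # HOW DECRIPT FILES.hta (9041 bytes)
    "251bc88dedd1399eba7fe0bb8a5a1fd6",  # HOW DECRIPT FILES.hta (9103 bytes)
    "d7b8230c9909a9cf4a21a3f55cd95318",  # HOW DECRIPT FILES.hta (9077 bytes)
    "ad96a3712aa662ffb5fd4ded8edd4d1b",  # unnamed sample (26624 bytes)
    "1c240d1a748471b20047dbd94c2e6b9d",  # name.exe (7680 bytes)
}
KNOWN_SIZES: Set[int] = {9041, 9103, 9077, 26624, 7680}
NOTE_NAME = "HOW DECRIPT FILES.hta"  # the attackers' own misspelling


def md5_of(path: str, chunk: int = 1 << 20) -> str:
    """Hex MD5 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def default_roots() -> List[str]:
    """The locations the page records: each user's Roaming profile plus %ALLUSERSPROFILE%."""
    roots: List[str] = []
    sysdrive = os.environ.get("SystemDrive", "C:")
    users = os.path.join(sysdrive + os.sep, "Users")
    if os.path.isdir(users):
        for user in os.listdir(users):
            roaming = os.path.join(users, user, "AppData", "Roaming")
            if os.path.isdir(roaming):
                roots.append(roaming)
    allusers = os.environ.get("ALLUSERSPROFILE")
    if allusers and os.path.isdir(allusers):
        roots.append(allusers)
    return roots


def sweep(roots: Iterable[str],
          known_md5: Set[str] = KNOWN_MD5,
          known_sizes: Optional[Set[int]] = KNOWN_SIZES,
          note_name: str = NOTE_NAME) -> List[Tuple[str, str, str]]:
    """Return (path, md5, reason) for files matching by hash or by note name.

    A file is hashed only when its size is in known_sizes (or known_sizes is
    None) or its name is the ransom note, which keeps the walk cheap.
    """
    hits: List[Tuple[str, str, str]] = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                path = os.path.join(dirpath, fn)
                is_note = fn.lower() == note_name.lower()
                try:
                    size = os.path.getsize(path)
                    if not (is_note or known_sizes is None or size in known_sizes):
                        continue
                    digest = md5_of(path)
                except OSError:
                    continue  # unreadable or vanished; log it in a real run
                if digest in known_md5:
                    hits.append((path, digest, "md5"))
                elif is_note:
                    hits.append((path, digest, "name"))
    return hits


def build_demo_dir() -> Dict[str, str]:
    """Constructed files for an offline run; contents are placeholders, not the real artifacts."""
    root = tempfile.mkdtemp(prefix="cryptconsole-sweep-")
    roaming = os.path.join(root, "AppData", "Roaming")
    os.makedirs(roaming)
    note = os.path.join(roaming, NOTE_NAME)
    bait = os.path.join(root, "bait.bin")
    clean = os.path.join(root, "readme.txt")
    for path, body in ((note, b"<html>constructed placeholder, not the real note</html>"),
                       (bait, b"constructed placeholder, not the real dropper"),
                       (clean, b"nothing to see here")):
        with open(path, "wb") as fh:
            fh.write(body)
    return {"root": root, "note": note, "bait": bait, "clean": clean}


if __name__ == "__main__":
    demo = build_demo_dir()
    # On a real host use sweep(default_roots()). Here the bait file's own hash
    # is added so a hash hit is shown without shipping any live sample.
    for path, digest, why in sweep([demo["root"]], KNOWN_MD5 | {md5_of(demo["bait"])}, None):
        print(f"{why:4} {digest} {path}")
```

On a suspect host, sweep(default_roots()) covers the paths the database lists; pass known_sizes=None to hash everything under the roots when a variant with a different build (and therefore size) is suspected, at the cost of a slower walk.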

Registry Modifications

The following newly produced Registry Values are:

File name without path: HOW DECRIPT FILES.hta