
Kurosaki_ichigo@tutanota.com

Posted: October 18, 2018

The Kurosaki_ichigo@tutanota.com Ransomware is a minor update to the CryptConsole v3 Ransomware, the third version of the CryptConsole Ransomware family. It may keep your files from opening in their associated programs, strip their names, and create messages asking for money. A free decryption service isn't always available for threats of this type, so users should protect their backups diligently to minimize encryption-related damage, and should have anti-malware programs that can remove the CryptConsole v3 Ransomware securely.

Your Next Server Glitch Includes Free Anime References

Previously a family noted for pretending to be part of the Globe Ransomware collective without having the encryption to back it up, the CryptConsole Ransomware is continuing its evolution through multiple versions, with small variations between them. A particularly new release that malware experts are confirming is the Kurosaki_ichigo@tutanota.com Ransomware, which includes media references and a ransom message that doesn't imitate the Globe Ransomware. Beyond these details, however, the Kurosaki_ichigo@tutanota.com Ransomware matters most for its feature of blocking files for money.

The newest payloads from the Kurosaki_ichigo@tutanota.com Ransomware's family use AES encryption, one of the most common means of converting digital media, such as images, documents, spreadsheets or archives, into unusable copies. The Kurosaki_ichigo@tutanota.com Ransomware also adds further inconvenience for server admins by replacing each file's name with a sequence of semi-random numbers and letters, and by removing the extension.
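The renaming behaviour described above (extensionless names made of semi-random letters and digits, alongside a plain-text ransom note) is something a defender can look for on a file share before a full investigation. The script below is an added example written for this page, not code from the article or from the malware; it is a generic heuristic, not a signature for this family. The sample listings, the file names and the note text in it are constructed, and the entropy and ratio thresholds are assumptions you would tune for your own data.

```python
import math
import os
import re
from collections import Counter
from typing import Dict

# Constructed sample: a small share after a renaming file-locker has run.
# Names and note text are invented for this example, not taken from the page.
SAMPLE_LISTING: Dict[str, bytes] = {
    "Q3_budget.xlsx": b"",
    "holiday.jpg": b"",
    "k7x9ab2qz0mn4vp1": b"",
    "r2d8hh31qqe09ytb": b"",
    "7hg2xx0zlqp3mmn8": b"",
    "s8e1ppq0zz3kk2la": b"",
    "HOW TO RECOVER.txt": b"write to someone@example.com with your ID 1234",
}

# Constructed sample: an ordinary share with nothing suspicious.
CLEAN_LISTING: Dict[str, bytes] = {
    "report.docx": b"",
    "notes.txt": b"meeting at 10",
    "photo.png": b"",
}

# Extensionless, alphanumeric-only names of at least 8 characters.
RANDOM_NAME = re.compile(r"^[A-Za-z0-9]{8,}$")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")


def shannon_entropy(s: str) -> float:
    """Bits per character; a real word scores low, a random string scores high."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_randomized(name: str, min_entropy: float = 3.0) -> bool:
    """Heuristic for the renaming pattern: no extension, only letters and
    digits, and high entropy. The threshold is an assumption."""
    if "." in name or not RANDOM_NAME.match(name):
        return False
    return shannon_entropy(name) >= min_entropy


def looks_like_note(name: str, content: bytes) -> bool:
    """Plain-text file that carries a contact e-mail address, as ransom notes
    of this kind do. Generic check, not tied to a specific note text."""
    if not name.lower().endswith(".txt"):
        return False
    text = content.decode("utf-8", errors="ignore")
    return EMAIL.search(text) is not None


def assess_listing(listing: Dict[str, bytes], ratio: float = 0.5) -> dict:
    """Flag a directory when enough of its files look renamed AND a note is present."""
    files = list(listing)
    randomized = sorted(f for f in files if looks_randomized(f))
    notes = sorted(f for f, c in listing.items() if looks_like_note(f, c))
    share = len(randomized) / len(files) if files else 0.0
    return {
        "total": len(files),
        "randomized": randomized,
        "notes": notes,
        "randomized_share": share,
        "suspicious": share >= ratio and bool(notes),
    }


def listing_from_directory(path: str, max_note_bytes: int = 4096) -> Dict[str, bytes]:
    """Build a listing from a real directory; only .txt files are read (first 4 KiB)."""
    listing: Dict[str, bytes] = {}
    with os.scandir(path) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            content = b""
            if entry.name.lower().endswith(".txt"):
                with open(entry.path, "rb") as fh:
                    content = fh.read(max_note_bytes)
            listing[entry.name] = content
    return listing


if __name__ == "__main__":
    for label, listing in (("sample", SAMPLE_LISTING), ("clean", CLEAN_LISTING)):
        result = assess_listing(listing)
        print(label, "suspicious" if result["suspicious"] else "ok",
              f"{result['randomized_share']:.2f}", result["notes"])
```

Requiring both signals (a high share of randomized names and a note file) keeps the false-positive rate down on directories that legitimately hold hash-named blobs, such as caches; run `assess_listing(listing_from_directory(path))` against a suspect share to get the same verdict dictionary.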

The Kurosaki_ichigo@tutanota.com Ransomware uses Notepad files for its ransom notes instead of HTA pop-ups, although the overall method of providing an e-mail address and an ID for negotiating is unchanged. The threat actor, whose identity isn't clear, also is apparently familiar with Japanese media: both addresses in the message are references to characters in Japanese cartoons or anime. However, since the text is in English, malware researchers don't anticipate Japanese victims in particular.

Taking the Randomness Out of Knowing What Your Files Are

Although the references that the Kurosaki_ichigo@tutanota.com Ransomware makes are more superficial than those of file-locker Trojans that include significant graphical components, its campaign demonstrates that criminals remain aware of the value of brands. There's no free decryptor for the edition of the CryptConsole Ransomware that the Kurosaki_ichigo@tutanota.com Ransomware uses, and backups on another device may be the only guarantee of safety for any encrypted files. Although the Kurosaki_ichigo@tutanota.com Ransomware communicates its warnings in English, Russia is also potentially a high-risk target.

Besides backing up your work, you also can protect your PC with the following actions:

  • Review your RDP settings for any changes or weaknesses that would let a remote attacker install unauthorized software.
  • Avoid using combinations of names and passwords that could be compromised by brute-force utilities that cycle through popular or straightforward strings quickly.
  • Be careful whenever you're opening e-mail attachments, including ones that are real documents, such as Word documents with macros or other advanced content.

Updating software in general also can reduce your risk of being taken advantage of via the various vulnerabilities that allow remote code execution and other attacks. Most anti-malware programs delete the Kurosaki_ichigo@tutanota.com Ransomware and other members of the CryptConsole Ransomware family, but users should keep them updated to improve their accuracy.

Ironically, the Kurosaki_ichigo@tutanota.com Ransomware's name is that of the hero of one anime franchise, but it offers no good deeds, except for the wallets of the criminals. The money-making capabilities of a Trojan without a public decryptor are one more hint that server admins need to pay attention to both their login security standards and their backup schedules.
