
TheCursedMurderer Ransomware

Posted: February 5, 2020

TheCursedMurderer Ransomware is a file-locking Trojan without known predecessors. Despite its independence, most of its features are traditional for a Ransomware-as-a-Service style threat. They include blocking content through encryption, creating ransom messages, and changing cosmetic aspects of media files. Let your anti-malware tools delete TheCursedMurderer Ransomware once they detect it and always save a backup for recovery without a ransom.

Stabbing Your Files Right Through the Data

As new, file-locking Trojans proliferate in the cracks between the more significant, rental-based families, tracing their lineage becomes an ever more convoluted task for researchers. TheCursedMurderer Ransomware, one of the newer campaigns in the threat landscape, has both new and old features to accompany its extortion over files. Nonetheless, what makes its attacks most memorable is its visual panache – not too different from the movie-referencing Jigsaw Ransomware.

TheCursedMurderer Ransomware locks Word's DOCs, JPG pictures, and other media through a standard, AES-based encryption function. This conversion of data turns each file into unusable content, theoretically, until the victim pays a ransom. The 'aes' extension that TheCursedMurderer Ransomware also places in filenames comes with a matching icon swap, as well, which is a semi-rare feature that the Trojan shares with few other Trojans, such as the GruxEr Ransomware (a remix of Hidden Tear).

The desktop image that TheCursedMurderer Ransomware uses is content that it 'borrows' from a free wallpaper website and that obliquely references a popular Japanese cartoon. It also points the user to its English ransom note – although the latter does include limited use of French. The linked wallet has no transaction history aligning with a ransom, and malware experts recommend keeping it in that state, due to the risks of buying sometimes-nonexistent file unlockers from criminals.

Breaking the Curse of Data Encryption Ahead of Time

The relatively high visual distinction in TheCursedMurderer Ransomware infections makes it less likely that victims will mistake it for a similar Trojan. However, the extension it uses is a prevalent one and is also a facet of the Cardsome Ransomware, the Flotera Ransomware, and the Vortex Ransomware, for example. For victims, the foremost concern is always the prospect of recovering their files; unfortunately, there are currently no free decryptors compatible with TheCursedMurderer Ransomware, and there may never be any.

Malware researchers are seeing some cases of TheCursedMurderer Ransomware's executable crashing with fatal error messages, which may prevent the encryption from happening. While this is a silver lining, users shouldn't depend on glitchy Trojans to preserve their work. Many file-locking Trojans with encryption-interfering bugs will corrupt file data instead of locking it or lose the key that's essential for recovery. A properly-stored backup is integral to retrieving any data under typical infection scenarios.

One out of every two anti-malware services is flagging this threat correctly, and updates should increase those rates in time. Always remove TheCursedMurderer Ransomware and similar Trojans through appropriate anti-malware utilities or, in extreme cases, the assistance of experienced cyber-security researchers.

For now, TheCursedMurderer Ransomware is circulating as a Windows executable by the name of 'AppGive.' Which applications one trusts can determine the future of one's files – and if one doesn't want to pay a hundred dollars in Bitcoins, one should curate that list strictly.
