AnonTsugumi Ransomware Demands Bitcoin Payment

AnonTsugumi is the name of a malicious application that functions as ransomware. This malicious software encrypts files, adds the ".anontsugumi" extension to the filenames of the files it encrypts, alters the desktop wallpaper, and delivers a ransom note inside a plain text file named "README.txt".

AnonTsugumi uses the following pattern for renaming encrypted files: "1.jpg" gets transformed into "1.jpg.anontsugumi," "2.png" becomes "2.png.anontsugumi," and so on.

The ransom note states that all the victim's files have been encrypted due to their computer being infected by ransomware. It underscores the severity of the situation by emphasizing the impossibility of decrypting the files without the help of the attackers.

The note suggests that the victim can regain access to their data and remove the ransomware after paying a ransom and obtaining a decryption key from the AnonTsugumi operators. According to the note, this involves buying specialized decryption software that is supposed to restore all lost data and remove the ransomware infection.

The contact information provided is a Telegram username: @anontsugumi. Payment details include the accepted cryptocurrency (Bitcoin) and a Bitcoin wallet address.

AnonTsugumi Ransom Note Lists Telegram Handle for Contact

The complete text of the AnonTsugumi ransom note reads as follows:

All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.

What can I do to get your files back?
You can buy our special decryption software, this software will allow you to recover all of your data and remove the cooties from your computer.

The price for the software is any donation!!

Payment can be made in Bitcoin only.

Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy it.

Contact me because im bored.
Telegram: @anontsugumi

Payment information Amount: ANY BTC
Bitcoin Address: alphanumeric string

Can You Restore Your Files Following a Ransomware Attack?

Restoring your files following a ransomware attack can be challenging, but it is possible in some rare cases. Here are the steps you can take:

Isolate and Remove the Ransomware:
First, disconnect the infected computer or device from the network to prevent the ransomware from spreading. Remove the ransomware from your system using antivirus or anti-malware software.

Check for Backups:
If you have regular backups of your data, you can restore your files from these backups. Ensure that your backups are not infected with ransomware before restoring.

Check for Decryption Tools:
Some ransomware strains have known decryption tools available from security organizations or law enforcement agencies. Check online resources like NoMoreRansom.org to see if a decryption tool is available for the specific ransomware that attacked your system.

Contact Law Enforcement:
Report the ransomware attack to your local law enforcement agency or cybercrime unit. While they may not be able to immediately help with decryption, it's essential to document the incident.
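
The renaming pattern and note file name described above can be used to scope the damage and to check a backup set before restoring from it. The Python script below is an added example, not part of the original article or any vendor tool; the function names and the sample directory tree are constructed for illustration.

```python
import tempfile
from pathlib import Path

ENC_SUFFIX = ".anontsugumi"   # extension appended to encrypted files (from the article)
NOTE_NAME = "readme.txt"      # ransom note file name, compared case-insensitively
NOTE_MARKER = "@anontsugumi"  # Telegram handle quoted in the note

def scan_tree(root):
    """Return (encrypted, notes): encrypted is [(path, original_name)], notes is [path]."""
    encrypted, notes = [], []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        name = path.name
        if name.lower().endswith(ENC_SUFFIX):
            # "1.jpg.anontsugumi" -> original name "1.jpg"
            encrypted.append((path, name[: -len(ENC_SUFFIX)]))
        elif name.lower() == NOTE_NAME:
            # README.txt is a common file name, so confirm the note by content
            try:
                text = path.read_text(errors="ignore").lower()
            except OSError:
                continue
            if NOTE_MARKER in text:
                notes.append(path)
    return encrypted, notes

def backup_coverage(encrypted, affected_root, backup_root):
    """Split encrypted files by whether an original copy exists in the backup."""
    recoverable, missing = [], []
    for enc_path, original in encrypted:
        rel = enc_path.parent.relative_to(affected_root) / original
        (recoverable if (Path(backup_root) / rel).is_file() else missing).append(rel.as_posix())
    return recoverable, missing

def demo():
    """Constructed sample: an affected tree and a partial backup in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        hit, bak = Path(tmp, "affected"), Path(tmp, "backup")
        (hit / "docs").mkdir(parents=True)
        (bak / "docs").mkdir(parents=True)
        (hit / "docs" / "1.jpg.anontsugumi").write_bytes(b"\x00")
        (hit / "docs" / "2.png.anontsugumi").write_bytes(b"\x00")
        (hit / "README.txt").write_text("Telegram: @anontsugumi")
        (hit / "docs" / "README.txt").write_text("project notes")  # benign file
        (bak / "docs" / "1.jpg").write_bytes(b"jpeg")
        encrypted, notes = scan_tree(hit)
        recoverable, missing = backup_coverage(encrypted, hit, bak)
        return len(encrypted), len(notes), recoverable, missing, scan_tree(bak)

if __name__ == "__main__":
    print(demo())
```

Running `scan_tree` against the backup location itself should return two empty lists; any hit there means the backup was reached by the ransomware and should not be restored as-is.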

September 18, 2023