Canadian Ransomware Asks for Ransom in Canadian Dollars

Canadian ransomware is the name assigned to a newly discovered strain of file-encrypting malware.

The new ransomware variant works like most similar malware - it will encrypt files on the victim system and leave them in an unopenable state.

The ransomware appends the ".canadian" extension after the names and extensions of encrypted files, which is why the malware was given the same name because it has very few other unique characteristics.

Canadian ransomware will encrypt documents, media files and archives.

The ransom note is dropped in a file named "DECRYPT YOUR FILES.txt" and the full text goes as follows:

Your Files Are Encrypted. To Decrypt Them, Please Send An Email To rebcoana@gmail.com.
The Ransom Demand Is Only 50 Canadian Dollars So You Should Be Able To Pay It, Except If You Are Poor 🙂
You Thought All Canadians Were Nice? Think About It For A Second.

The ransom is almost negligible in its amount but that still does not mean you should negotiate with ransomware actors. Restoring your files from a backup remains the best course of action.

November 21, 2022