Removal of Ctpl Ransomware

The Ctpl Ransomware is a variant of the Dharma Ransomware, which means that its encryption cannot be cracked with free utilities. The malware uses a flawless file-locking mechanism, which is guaranteed to leave the compromised machine with a hard drive full of encrypted files. The Ctpl Ransomware goes after popular file types such as documents, media, databases, archives, and others. Each damaged file has a new suffix appended to its original name: '.id-<VICTIM ID>.[catapultacrypt@tuta.io].ctpl'. While both Dharma and Ctpl use a similar suffix to rename locked files, they rely on different names for the ransom note. The Ctpl Ransomware uses the file 'MANUAL.txt' to deliver the demands of the criminals behind the attack.
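For scoping an incident, the renaming scheme described above can be turned into a file inventory. The following is an added example, not part of the original article: it walks a directory tree, lists files carrying the '.ctpl' suffix together with the name each file had before renaming, and records ransom-note locations. The function names, the sample victim ID and the assumption that the victim ID contains no dots are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Suffix as given in the article: .id-<VICTIM ID>.[catapultacrypt@tuta.io].ctpl
# Assumption: the victim ID contains no dots or path separators.
SUFFIX_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^./\\]+)"
    r"\.\[(?P<contact>[^\]]+)\]\.ctpl$",
    re.IGNORECASE,
)
RANSOM_NOTE = "MANUAL.txt"  # generic name: treat a hit as a lead, not proof


def parse_locked_name(filename):
    """Return (original_name, victim_id, contact), or None if no match."""
    m = SUFFIX_RE.match(filename)
    return m.group("original", "victim_id", "contact") if m else None


def inventory(root):
    """Walk root; collect renamed files, ransom notes and per-ID counts."""
    locked, notes, ids = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            parsed = parse_locked_name(name)
            if parsed:
                # Pair the locked file with the path it had before renaming.
                locked.append((path, os.path.join(dirpath, parsed[0])))
                ids[parsed[1]] += 1
            elif name.lower() == RANSOM_NOTE.lower():
                notes.append(path)
    return {"locked": locked, "notes": notes, "by_victim_id": dict(ids)}


def demo():
    """Build a constructed sample tree (victim ID is made up) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/report.docx.id-1A2B3C4D.[catapultacrypt@tuta.io].ctpl",
                    "docs/MANUAL.txt", "docs/untouched.pdf"):
            open(os.path.join(root, rel), "w").close()
        r = inventory(root)
        return len(r["locked"]), len(r["notes"]), r["by_victim_id"]


if __name__ == "__main__":
    print(demo())
```

The list of original paths gives a restore list to check against backups, and more than one victim ID in the counts suggests the encryptor ran more than once or on more than one host.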

The offer of Ctpl Ransomware's creators is not surprising. They tell victims that 3rd-party tools will not be able to recover the data and that the only viable option is to pay the attackers for decryption. The criminals offer a paid decryption service, which may cost hundreds of dollars, and, on top of this, they demand to receive the money via Bitcoin.

The criminals offer to unlock one file for free, but they warn the victim that the full decryption service will only be available to paying customers. The crooks also provide two emails for contact – catapultacrypt@tuta.io and catapultacrypt@cock.li.

If the Ctpl Ransomware has taken over your files, then you should not consider complying with the demands of the attackers. Even if you send them the Bitcoin, it is highly unlikely that they will reply or return your files. Do not risk being scammed and, instead, run an antivirus tool to eliminate the Ctpl Ransomware. After the file-encryption Trojan is gone, you can proceed to try out other data recovery measures.

April 6, 2021
