cursoDFIR Ransomware Contains Ransom Note in Portuguese


While examining new malware samples, we came across cursoDFIR, a type of ransomware designed to encrypt files. Moreover, cursoDFIR adds its extension (".cursoDFIR") to filenames, alters the desktop background, and generates a text document ("meleaicara.txt") containing a ransom message.

For example, cursoDFIR renames "1.jpg" to "1.jpg.cursoDFIR", "2.png" to "2.png.cursoDFIR", and so on. The ransom message, written in Portuguese, demands payment in exchange for decrypting the files that cursoDFIR has locked. It accuses the victim of attempting to download pirated Microsoft software and stipulates payment in digital currency to obtain the decryption key.

It's important to highlight that this ransom message lacks any contact details, which deviates from the norm for ransomware demands. Typically, such messages include instructions for victims to reach out to the cybercriminals to discuss the ransom payment and obtain decryption assistance.

cursoDFIR Ransom Note Composed in Portuguese

The full text of the very brief ransom note generated by cursoDFIR reads as follows:

ESTE RANSOMWARE FOI PARA VOCÊ!

É VOCÊ MESMO QUE TENTOU BAIXAR UM MICROSOFT PIRATA!

PARA DESCRIPTOGRAFAR PRECISA PAGAR

PAGAR 1 MOEDA DIGITAL

Key: EC63E8BE0717BD92C0FFBF7A21749A54

CURSO DE DFIR Mente Binária
Professor: Caique
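
The indicators described above (the appended ".cursoDFIR" extension, the "meleaicara.txt" note, and the note's wording) are enough for a quick host triage sweep. The Python script below is an added example, not part of the original article or of any vendor tool; the function names, the 4 KB read limit, and the list of encodings tried are assumptions.

```python
import os, sys
from collections import Counter
from pathlib import Path

EXT = ".cursoDFIR"            # extension the article says is appended
NOTE_NAME = "meleaicara.txt"  # ransom note filename from the article
# Phrases copied from the note text quoted above, used to confirm a note file.
NOTE_MARKERS = ("ESTE RANSOMWARE FOI PARA", "PARA DESCRIPTOGRAFAR PRECISA PAGAR")

def note_matches(path, limit=4096):
    """True if the start of the file contains a phrase from the quoted note."""
    try:
        with open(path, "rb") as fh:
            raw = fh.read(limit)
    except OSError:
        return False
    # Assumption: the note's encoding is not stated, so try common ones.
    for enc in ("utf-8", "utf-16", "cp1252"):
        try:
            text = raw.decode(enc).upper()
        except UnicodeDecodeError:
            continue
        if any(marker in text for marker in NOTE_MARKERS):
            return True
    return False

def triage(root):
    """Return (encrypted, notes, per_dir) for everything under root."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            low = name.lower()  # Windows file names are case-insensitive
            if low.endswith(EXT.lower()) and len(name) > len(EXT):
                # Strip the appended extension to recover the original name.
                encrypted.append((path, name[: -len(EXT)]))
                per_dir[dirpath] += 1
            elif low == NOTE_NAME:
                # A matching name alone is weak; record whether content agrees.
                notes.append((path, note_matches(path)))
    return encrypted, notes, per_dir

if __name__ == "__main__":
    enc, notes, per_dir = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, original in enc:
        print(f"ENCRYPTED {path} (was {original})")
    for path, confirmed in notes:
        print(f"NOTE {path} content_match={confirmed}")
    for directory, count in per_dir.most_common(5):
        print(f"{count:6d} renamed files in {directory}")
```

Run it against a mounted image or a copy of the affected volume rather than the live system; the per-directory counts help scope which backups need to be restored.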

How Can Ransomware Infect Your Computer?

Ransomware can infect your computer through various methods, including:

Phishing Emails: One of the most common methods is through phishing emails. Cybercriminals send deceptive emails containing malicious attachments or links. When unsuspecting users open these attachments or click on the links, the ransomware is downloaded and executed on their systems.

Malicious Websites: Visiting compromised or malicious websites can also lead to ransomware infections. These websites may contain exploit kits that automatically download and install ransomware onto visitors' computers by exploiting vulnerabilities in their browsers or plugins.

Drive-By Downloads: Similar to malicious websites, ransomware can be downloaded onto your computer without your knowledge through drive-by downloads. These downloads occur when you visit a legitimate website that has been compromised, and malware is automatically downloaded and installed onto your system in the background.

Vulnerable Software: Ransomware can exploit vulnerabilities in software installed on your computer, such as operating systems, web browsers, or plugins. Cybercriminals exploit these vulnerabilities to gain unauthorized access to your system and deploy ransomware.

Malicious Advertisements (Malvertising): Ransomware can also be distributed through malicious advertisements displayed on legitimate websites. Clicking on these ads can lead to the automatic download and installation of ransomware onto your computer.

March 25, 2024