What is TURKEY Ransomware and Should You Pay the Ransom?
A new ransomware variant was recently spotted in the wild. The new strain is called TURKEY ransomware and it belongs to the family of Chaos ransomware variants.
The ransomware works like you would expect it to - it encrypts nearly all non-essential files on the system, including most document and media formats. Once files are encrypted, the TURKEY ransomware appends a four-digit extension past the original one, while preserving the original file name and extension.
This means that a file that was called "boat.jpg" prior to encryption will transform into something like "boat.jpg.x9sj" after it has been scrambled by the TURKEY ransomware.
The ransom demand is dropped in a plain text file called "read_it.txt". The hackers operating this strain of ransomware are asking for $1500 worth of bitcoin to allegedly send victims a decryption tool. Of course, there is no way to be sure that you would receive a working decryptor if you pay up.
The full ransom note contained in the file goes as follows:
All of your files have been encrypted with TURKEY ransomware
Your computer was infected with a ransomware. Your files have been encrypted and you won't be able to decrypt them without our help. What can I do to get my files back? You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer. The price for the software is $1,500. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinbase-hxxps://www.coinbase.com Bitpanda-hxxps://www.bitpanda.com
Payment information Amount: 0.03394 BTC
Bitcoin Address: [alphanumeric string]