Emsisoft used decrypter on CryptoPokemon ransomware… It’s super effective!
Everyone’s favorite animated battle monsters have found themselves embroiled in a new ransomware campaign. First discovered by IntezerLabs, CryptoPokemon is a new strain of ransomware that encrypts your files and demands a payment of 0.02 Bitcoin (about $104 at the time of writing) to decrypt them.
If you have been infected with CryptoPokemon, do not pay the ransom!
After CryptoPokemon was brought to our attention, Emsisoft security experts were able to find a flaw in the ransomware’s code and create a decrypter that allows you to decrypt your files without paying a cent.
You can download the free CryptoPokemon decrypter here.
What is CryptoPokemon?
CryptoPokemon is ransomware that encrypts your files using SHA256 + AES128. It comes with a ransom note asking you to transfer 0.02 Bitcoin to a specified wallet. The note also contains an email address and a website where you can contact the attackers, who describe themselves as “valiant support [who] will help you solve this problem.”
A screenshot of the CryptoPokemon website.
Here’s the ransom note in full:
All files on your computer are encrypted. Files have the extension CRYPTOPOKEMON.
Do not try to decrypt the files yourself, this will only contribute to the loss of all your data on the computer.
To decrypt files, please transfer 0.0200000 BTC to 1Lx46kNYSXTRwMWBxhxxdW3nisJ61yfVoW
After you transfer money, write to email qaq94t64c45d3scd(Replace this parenthesis with the @ sign)openmailbox.org , saying this word “12356749412506806744”.
For advanced users:
After transferring money, go to http://cryptopokemon.top/ , and follow the instructions.
Your computer ID: 12356749412506806744
To enter the site, use the browser.
COPYRIGHT (c)2019 PokemonGO CRYPTOLOCKER pokemongo.icu
How to use the Emsisoft CryptoPokemon decrypter
Emsisoft CryptoPokemon decrypter.
- IMPORTANT! Make sure you remove the malware from your system first, otherwise it will repeatedly lock your system or encrypt files.
- Download the free Emsisoft CryptoPokemon decrypter.
- Run the executable and confirm the license agreement when asked.
- Click “Start” to decrypt your files. Note that this may take a while.
- All done! Gotta crypt ’em all!
Have a great (malware-free) day.
The post Emsisoft used decrypter on CryptoPokemon ransomware… It’s super effective! appeared first on Emsisoft | Security Blog.