TurkStatik is a new variant of ransomware that encrypts most of the files on the attacked PC. Security researchers had reported that the threat uses AES-256 and RSA-2048 encryption algorithm to encode files on the attacked PC and appends .Ciphered Extension to the encrypted files. It is analyzed that the TurkStatik is distributed through phishing email campaigns. Unfortunately, if the user downloads the infected mail attachment that is actually a macro-enabled document containing the payloads of the virus. Upon clicking, the document starts running the script and TurkStatik Ransomware gets installed on the attacked computer system.
After installed, it searches for the important documents, photos, video, audio, databases, PDFs and other local drives. The infection uses AES cipher to transcode the data that are locked by the filename and the‘.Ciphered Extension’ suffix. For example, blackcat.jpg is renamed to blackcat.jpg.Ciphered Extension. After the encryption process been done, then the Ransomware drops a file named as ‘README_FOR_DECRYPT_YOUR_FILES.txt’ on the desktop and the encryption locations.
According to the ransom note, the authors demands 0.3 Bitcoin (1815 USD/1461 EUR) as ransom. TurkStatik describes it as the ‘.Ciphered Decryptor’ software which means after paying the amount the user will be provided with the decryption key to decode the locked files.
However, there is no any guarantee that they will decrypt all the files after receiving the payment. Thus, security researchers advise not to pay the ransom to the authors of TurkStatik Ransomware and quickly remove the threat from the PC. Also, you can try recovering your data from backups if any or take the help of data recovery software programs.
|Description||“TurkStatik ” encrypts files, videos, images and texts stored on the target PC with .bin extension and demand a ransom amount from users.|
|Possible Symptoms||Avoid access to files, Deliver of Fake error warnings, avoid visiting useful web address, Change of browser settings and adding up start-up codes to Registry Editor.|
|Detection / Removal Tool||Download the Detection/Removal tool– To confirm attack of “TurkStatik ” virus on your computer.|
We would recommend to use below tool and run it on your computer to remove TurkStatik automatically.