A ransomware appears to have been circulating for the past few weeks. It encrypts data files and creates a BUYUNLOCKCODE.txt ransom note in all directories where a file was encrypted.
This buyunlockcode.txt file contains instructions and an email that you must contact to receive payment instructions. Known email addresses are firstname.lastname@example.org and ChiuKhan@tom.com, though these will most likely change over time. At this time, the ransom amount is unknown.
The text of the BUYUNLOCKCODE.txt is:
Hi, your ID = JSOXXXXXXXX
All important files were encoded with RSA-1024 encryption algorithm.
There is the only way to restore them – purchase the unique unlock code.
Warning! Any attempt to recovering files without our "Special program" will cause data damage or complete data loss.
As we receive your payment, we will send special program and your unique code to unlock your system.
Guarantee: You can send one of the encrypted file by email and we decode it for free as proof of our abilities.
No sense to contact the police. Your payment must be made to the e-wallet. It's impossible to trace.
Don`t waste your and our time.
So, if you are ready to pay for recovering your files, please reply this email ChiuKhan@tom.com
Then we will send payment instructions.
Does anyone have any idea how to solve this problem?