The Cryptconsole Ransomware is a threat that claims to be able to encrypt the victim’s files but, in reality, it does not apply any encryption to the files it manages to modify. Instead, it simply changes their names to ‘[email protected]_[SHA-384 ENCODED FILE NAME]. The encoded file name is exactly 96-characters long, and while this change does not prevent users from viewing the contents of the files, it will make it extremely difficult for them to find the exact files they are looking for. Despite the lack of encryption, the CryptConsole Ransomware perpetrators still attempting to trick users into thinking that their files have been encrypted. To do this, they leave behind a ransom note called ‘How decrypt files.hta,’ which contains the payment instructions and some additional information. The first noticeable thing about the ransom note is that it is an exact copy of the ransom message used by all variants of the Globe Ransomware so that this is easily another trick that the authors have opted to use to fool victims into thinking that their files were taken hostage by a notorious piece of crypto-threat.
The authors of the CryptConsole Ransomware demand a ransom fee of 0.25 Bitcoins that must be sent to a wallet address found in the ransom message. Apparently, the CryptConsole Ransomware does not confirm payments automatically, and the attackers ask victims to send a screenshot of the transaction to [email protected] as proof that the payment has been completed. The good news is that due to the CryptConsole Ransomware’s lack of encryption, victims of this threat don’t have to pay any money to the cyber crooks. Not only this, but the scrambled file names also can be reversed by using the ‘CryptConsoleDecrypter,’ which will get the names of all affected files back to normal.
Victims of the CryptConsole Ransomware should not forget that the first thing they need to do before using the decrypter is to remove the infected files from their computers. This operation can be carried out with the help of any reliable anti-malware scanner since every major anti-virus vendor has already included the CryptConsole Ransomware to their threat database.