Curumim Ransomware

Posted by Lisa Blanc on November 17, 2017

What is Curumim Ransomware?

More and more new ransomware threats emerge, and Curumim Ransomware is the latest one to join the group. It appears that this threat is specifically targeted at those users who speak Portuguese, which is why it is most likely to be found on computers that are located in Portugal and Brazil. The purpose of this threat is to corrupt files, and that is done using an algorithm that is acquired once the infection is executed. The encryption key is most likely to be downloaded from a remote server, and a decryption key created during the process is then likely to be sent back so that you could not get your hands on it. Unfortunately, expert malware researchers and even decryption software cannot help the victims of ransomware threats in most cases, which means that once files are encrypted, they are encrypted for good. While we focus on this in the report, our main attention is towards deleting Curumim Ransomware. Without a doubt, the sooner you remove this threat from your system, the better.test

How does Curumim Ransomware work?

Curumim Ransomware is not that much different than Kerkoporta Ransomware, Kristina Ransomware, and any other threat from the ransomware family. It invades the system, it encrypts the files, and then it asks for something in return. At this point in our research, we do not know yet what exactly it is that the creator of this threat wants because it simply demands that you email lordashadow@gmail.com. Of course, it is pretty obvious that this is just the beginning of the conversation. Once you establish communication, cyber criminals can request anything they want from you. According to Anti-Spyware-101.com researchers, all file-encryptors – excluding a few failed ones – demand money. Cyber crooks could promise you a decryption tool or a decryption key in return for a payment, but you need to be smart about all of that. Remember that they can say anything to get your money, but – as our experience reveals – they do not need to help you. In conclusion, whether or not you pay money, you are most likely to find yourself in the same situation, which is with encrypted files on your PC.

“Este computador foi pirateado! Seus arquivos pessoais foram criptografados. Envie-me um E-mail para obter o cadigo de senha de descriptografia“ is the message that you are introduced to via a file called “leia.txt”. A similar message is also represented via a file named “ransom.jpg”, which automatically replaces the Desktop background. This file is created in the same directory where the malicious Curumim Ransomware executable file is downloaded, which, of course, is random and depends on where the victim downloads it to. According to the message represented via the JPG file, you only have one day to recover your files. The files that the ransom notes are talking about are the ones with the “.curumim” extension appended to their names. If you are lucky, these files are backed up, and you can remove the corrupted copies with clear conscience. Once that is done, and Curumim Ransomware is deleted, you can then connect to your backups and transfer files back onto the computer if you need it.

How to delete Curumim Ransomware

Are you thinking about removing Curumim Ransomware manually? It is always good to take matters into your hands, but you need to think if this is the right choice for you. Maybe it is far better to install an anti-malware program that could automatically find and eliminate malicious components, as well as re-establish the protection of your Windows operating system? Needless to say, we strongly support this option. If you still want to remove Curumim Ransomware manually, check out the list of files you need to eliminate below. As you can see, we do not provide you with exact locations where these files are found because that differs in every case. Wherever you have downloaded the ransomware .exe file, that is where you will find it along with the JPG file as well. If you need our help erasing this threat – whether you are doing it manually or using software – do not hesitate to leave a comment below.

Removal Instructions

  1. Find and Delete the {random name}.exe file (the launcher).
  2. Find and Delete the ransom.jpg file (the background image file).
  3. Find and Delete all copies of the leia.txt file.
  4. Right-click the recycle bin icon and select Empty Recycle Bin.
  5. Perform a full system scan to look for malware leftovers. 100% FREE spyware scan and
    tested removal of Curumim Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *