Cryptohasyou is ransomware that encrypts various files stored on the infiltrated system, including .exe, .com, .bin, .dat, .sys, any .dmp, .information, .key, .pdb, .bat, .ps1, .vb, .ws, .wsd, .cpl, .reg, .dll, .ini, .msi, .pfx, .sct and .wsc.
Cryptohasyou uses the AES-256 algorithm with an RSA-2048 key: according to the ransom note, files are encrypted with AES-256 and the AES key is then encrypted with an RSA-2048 public key. Thus, private and public keys are generated during encryption. Cryptohasyou also creates a YOUR_FILES_ARE_LOCKED.txt file in each folder containing the compromised files. Note that this ransomware adds a .enc extension to all encrypted files, so they are straightforward to identify.
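A triage sketch built on the two indicators described above (the YOUR_FILES_ARE_LOCKED.txt note and the .enc extension), added here as an example and not part of the original write-up. It sweeps a directory tree to scope which folders were hit; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

NOTE_NAME = "YOUR_FILES_ARE_LOCKED.txt"  # ransom note name stated on this page
ENC_EXT = ".enc"                         # extension the page says is appended

def scan_tree(root):
    """Map each directory under root to its ransom-note and .enc findings."""
    findings = {}
    # onerror swallows unreadable directories so one ACL failure does not stop the sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        has_note = any(f.lower() == NOTE_NAME.lower() for f in files)
        enc = sorted(f for f in files if f.lower().endswith(ENC_EXT))
        if has_note or enc:
            findings[os.path.relpath(dirpath, root)] = {"note": has_note, "encrypted": enc}
    return findings

def summarize(findings):
    """Split hits into note-confirmed folders and .enc-only folders needing review."""
    confirmed = {d: v for d, v in findings.items() if v["note"]}
    return {
        "affected_dirs": sorted(confirmed),
        "encrypted_files": sum(len(v["encrypted"]) for v in confirmed.values()),
        # .enc without a note may belong to unrelated software that also uses .enc
        "review_dirs": sorted(d for d, v in findings.items() if not v["note"]),
    }

def demo():
    """Build a constructed sample tree (not real victim data) and scan it."""
    layout = {
        "docs": [NOTE_NAME, "report.docx.enc", "budget.xlsx.enc"],
        os.path.join("docs", "old"): [NOTE_NAME, "notes.txt.enc"],
        "backup_tool": ["vault.enc"],   # .enc present, no ransom note
        "clean": ["readme.txt"],        # untouched folder
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, names in layout.items():
            os.makedirs(os.path.join(root, rel), exist_ok=True)
            for name in names:
                open(os.path.join(root, rel, name), "w").close()
        return summarize(scan_tree(root))

if __name__ == "__main__":
    print(demo())
```

Folders listed under review_dirs contain .enc files but no ransom note, so they should be checked by hand before being counted as affected.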
The YOUR_FILES_ARE_LOCKED.txt file contains a message demanding a ransom and stating that most of the victim's files have been encrypted. It goes on to state that the only way to restore them is to purchase specific software (a decrypter) from the cyber criminals. According to this file, victims must pay a $300 ransom, and the price will rise by $150 every three days. The developers of Cryptohasyou give victims the opportunity to decrypt a single file free of charge: victims are simply required to send the selected file to the email address provided. Unfortunately, files can only be decrypted using the private key, which is stored on Command and Control (C&C) servers controlled by cyber criminals.
Text presented in the YOUR_FILES_ARE_LOCKED.txt file:
READ THIS. IT IS VERY IMPORTANT.
Hello. unfortunately for you, a virus has found its way onto your computer. The virus has encrypted all of the files that exist on this computer (pictures, documents, spreadsheets, videos, etc). There is no way to restore the files back to their original forms without the unique decryption program.
Fortunately, we can help. We have your unique decryption program. If you value your locked files and want to restore them, we can provide you with the decryption program and any assistance you need for the price of $300.
Want us to fix all of your files? Have a question? Want to send us a complaint (or compliment)? Contact us! Our email is locked(AT)vistomail.com We will get back to you with haste.
If you want proof that we can decrypt your files, send us a single encrypted file in an email and we will return it to you fixed and in original condition!
You must respond to this in a timely fashion if you want your original files back. The initial price of our service is $300. For every 3 days that pass, the price of our service will raise by an additional $150. We will know how long it has been.
Remember, we are your only option. If you consult an IT expert, they will tell you the same thing. Cheers.
Additional Details: (for IT people)
[+] It is impossible to recover the original files without our help.
[+] Encryption scheme: aes256(filesystem, aes_key) -> rsa2048(aes_key, public_key) -In other words, the private_key is required to decrypt the filesystem
[+] During filesystem encryption, all affected files had the original data overwritten with the encrypted data several times over to prevent recovery.
[+] If the extension of an encrypted file is not ".enc" when the decryption program is run, it will not be decrypted.
[+] Do not shut down or restart your computer while filesystem decryption occurs
FOR FILE DECRYPTION CONTACT US: locked(AT)vistomail.com
YOU will need to provide the following data to us along with payment in order to decrypt your files.