ICP is a ransomware infection designed to stealthily infiltrate computers and compromise data by encrypting it. ICP is virtually identical to Promorad, Korea, Promok, Frendi, and dozens of other ransomware-type viruses.

Payload

While encrypting, ICP renames each encrypted file by appending the ".icp" extension. For instance, an encrypted "sample.jpg" will be renamed to "sample.jpg.icp". Aside from compromising data (and making it unusable), ICP also generates a text file named "Restore_ICPICP_Files.txt" and drops a copy of it in every existing folder.

As usual, the created text file is a ransom note. It basically states that data is encrypted and that ICP's developers are the only ones who are capable of restoring it. Therefore, victims who want to recover compromised files must contact these persons via one of the emails provided. Unfortunately, claims that only the developers can restore data are most likely to be true. It is currently unknown what type of cryptography (symmetric or asymmetric) ICP uses.

After contacting these persons, users will be asked to pay a ransom in exchange for either the key or a decryption tool with the key embedded within. The price is currently unconfirmed; such details are also provided via email. In most cases, however, the size of the ransom fluctuates between $500 and $1500, and crooks demand payment in various cryptocurrencies (Bitcoin, Monero, Ethereum, DASH, or other), because it allows them to stay anonymous.
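
A read-only triage sweep for the two on-disk indicators described in the Payload section (the ".icp" suffix and the "Restore_ICPICP_Files.txt" note), added here as an example and not part of the original page. The function names, the constructed sample tree and the use of file modification times as a rough encryption window are assumptions.

```python
import os
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".icp"               # appended extension described on this page
NOTE_NAME = "Restore_ICPICP_Files.txt"  # ransom note filename described on this page


def triage(root):
    """Walk `root` and summarise where the two on-disk indicators appear."""
    encrypted, note_dirs, by_type = [], set(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME.lower():
                note_dirs.add(dirpath)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]   # "sample.jpg.icp" -> "sample.jpg"
                path = os.path.join(dirpath, name)
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:                             # unreadable entry: keep it, no timestamp
                    mtime = None
                encrypted.append((path, original, mtime))
                by_type[Path(original).suffix.lower() or "(none)"] += 1
    times = [m for _, _, m in encrypted if m is not None]
    enc_dirs = {os.path.dirname(p) for p, _, _ in encrypted}
    return {
        "encrypted": encrypted,
        "by_original_type": dict(by_type),
        "note_dirs": sorted(note_dirs),
        "dirs_with_both": sorted(enc_dirs & note_dirs),
        # Assumption: last-modified times of encrypted files bound the encryption window.
        "window": (min(times), max(times)) if times else None,
    }


def build_sample_tree(root):
    """Constructed test data: harmless placeholder files, no real malware output."""
    layout = {"docs/report.docx.icp": 1000, "docs/" + NOTE_NAME: 1001,
              "pics/sample.jpg.icp": 1005, "pics/keep.png": 900, "misc/" + NOTE_NAME: 1002}
    for rel, mtime in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")
        os.utime(path, (mtime, mtime))
    return root


if __name__ == "__main__":
    import sys
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(len(report["encrypted"]), "encrypted files;", report["by_original_type"])
    print("note folders:", report["note_dirs"], "window:", report["window"])
```

The recovered original names and the per-type counts show which data needs restoring from backup, and the time window helps pick a backup snapshot taken before the first encrypted file.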

Text presented in ICP ransomware's text file ("Restore_ICPICP_Files.txt"):

Attention!
Do not rename the ciphered files
Do not try to decrypt your data with the help of the third-party software, it can cause 
constant data loss.
If you, your programmers or your friends help you to decrypt your files - it can lead to 
data loss.
You do not joke with files.
My email decrypter02@cumallover.me,piterpen02@keemail.me