Chch Ransomware

Posted by Sarah Stewart on January 8, 2020

What is Chch Ransomware?

If you got infected with Chch Ransomware, don’t panic. This ransomware program might have encrypted your files, but that is no reason to spend your savings on the decryption tool that might not even work. Please remove Chch Ransomware following the guidelines below this description, and then consider other file recovery options. It is also possible that some of your files will remain encrypted, and you will have to give them up, but don’t let that discourage you. Take it as a good opportunity to improve your overall cybersecurity so that you could avoid similar infections in the future.test

Where does Chch Ransomware come from?

Our research team suggests that Chch Ransomware is a variant of Squad Ransomware. It also means that the infection probably employs the same distribution methods that were used by its predecessor. As far as we can tell, the application should spread through unsafe RDP connections and third-party download packages. It also means that Chch Ransomware doesn’t enter your computer behind your back. The user has to trigger the infection, and this happens because people are tricked into thinking the files they receive are important and, thus, must be opened ASAP.

However, if you receive a file from an unknown source, or if you download something from a file-sharing platform, you have to keep in mind that the file might not be genuine. How can you be sure that it is safe to open the file? How can you be sure that it is not a malware installer file? If you still think that the file is an important document, but you want to double-check to be safe, please feel free to scan the said file with a reliable security tool. If the security tool doesn’t detect anything suspicious, you might as well open the file without any worry.

What does Chch Ransomware do?

However, a lot of users still end up opening the file that installs this malware on their systems, and then Chch Ransomware takes over. Like most of the ransomware programs out there, this program first scans the system looking for all the types of files it can encrypt. Then the encryption commences, and all the files that get locked up by this program get a new extension to their names. For example, a flower.jpg filename would look like flower.chch after the encryption. It goes without saying that it is not possible for the system to read such files anymore.

Aside from encrypting the files, Chch Ransomware also leaves a ransom note that you can open with Notepad in every single location where encrypted files are. The filename says READ_ME.TXT, and the infected users clearly cannot miss it. Once you open the file, it says the following:

Your files are encrypted!

All your important data has been encrypted.
To recover data you need decryptor.
To get the decryptor you should:
Send 1 test image or text file squadhack@email.tg
<…>
After we send you instruction how to pay for decrypt and after payment you will receive a decryptor and instructions We can decrypt one file in quality the evidence that we have the decoder.

We cannot know how much the people behind Chch Ransomware want for the decryption. However, it is clear that you should never contact them. It is actually very likely that they wouldn’t respond because Chch Ransomware isn’t a high-profile infection, and the connection between the infected system and its command and control center could be very unstable. Also, by paying the ransom fee, you would only encourage these criminals to carry on their malicious deeds.

How do I remove Chch Ransomware?

Removing Chch Ransomware isn’t hard. You just need to delete the file that launched the infection because the program doesn’t drop any additional files. Nevertheless, it might be challenging to get your files back. The best way to restore your files is by restoring them from a file back-up. So if you have an external hard drive where you keep copies of your files, or if you automatically back everything up on a cloud drive, there should be no problem to transfer everything back into your computer. Just don’t forget to remove Chch Ransomware and all the encrypted files first! If you do not have a file back-up, consider addressing a cybersecurity professional for other options.

Manual Chch Ransomware Removal

  1. Delete the most recent files from Desktop.
  2. Remove the most recent files from the Downloads folder.
  3. Press Win+R and enter %TEMP%. Press OK.
  4. Delete the most recent files from the directory.
  5. Run a full system scan with SpyHunter. 100% FREE spyware scan and
    tested removal of Chch Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *