
Friday, January 26, 2024

Cdcc (.cdcc) ransomware virus - removal and decryption options

What kind of malware is Cdcc?

Following a recent examination of malware samples submitted to VirusTotal, it has been established that Cdcc is associated with the Djvu ransomware family. Its main goal is to encrypt data, and it produces a ransom note ("_readme.txt") while adding the ".cdcc" extension to file names (for instance, transforming "1.jpg" into "1.jpg.cdcc", "2.png" into "2.png.cdcc", and so forth).

It should be noted that Djvu family variants are often disseminated in conjunction with information stealers like RedLine and Vidar.
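As an added example (not part of the original post), the following Python script does the first-pass triage a responder would run on a suspect machine or file share: it walks a directory tree for the two indicators the post names, the appended ".cdcc" extension and the "_readme.txt" ransom note, infers the pre-encryption file names, and pulls the contact addresses and dollar amounts out of any note it finds so they can go straight into the incident ticket. The directory layout and note text it builds are constructed for the demo; the only values taken from the post are the extension, the note file name, the two prices and the two contact addresses.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Indicators stated in the post: the appended extension and the ransom-note file name.
CDCC_EXTENSION = ".cdcc"
RANSOM_NOTE_NAME = "_readme.txt"

# Simple patterns for contact addresses and dollar amounts inside a note.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
AMOUNT_RE = re.compile(r"\$(\d[\d,]*)")


def parse_ransom_note(path: str) -> dict:
    """Extract e-mail addresses and dollar amounts from one ransom note."""
    text = Path(path).read_text(errors="replace")
    emails = sorted(set(EMAIL_RE.findall(text)))
    amounts = [int(a.replace(",", "")) for a in AMOUNT_RE.findall(text)]
    return {"emails": emails, "amounts": amounts}


def scan_for_cdcc(root: str) -> dict:
    """Walk `root` and summarise Cdcc indicators found beneath it."""
    encrypted, notes = [], []
    dirs_hit = Counter()          # directory -> number of .cdcc files in it
    contacts, amounts = set(), set()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(CDCC_EXTENSION):
                encrypted.append(full)
                dirs_hit[dirpath] += 1
            elif name.lower() == RANSOM_NOTE_NAME:
                notes.append(full)
                parsed = parse_ransom_note(full)
                contacts.update(parsed["emails"])
                amounts.update(parsed["amounts"])
    # "1.jpg.cdcc" -> "1.jpg": the name the file had before encryption.
    original_names = sorted(os.path.basename(p)[: -len(CDCC_EXTENSION)] for p in encrypted)
    return {
        "infected": bool(encrypted) or bool(notes),
        "encrypted": sorted(encrypted),
        "ransom_notes": sorted(notes),
        "original_names": original_names,
        "dirs_hit": dirs_hit,
        "contacts": sorted(contacts),
        "amounts": sorted(amounts),
    }


# Constructed note paraphrasing what the post describes; not a verbatim sample.
SAMPLE_NOTE = (
    "ATTENTION!\n"
    "Price of private key and decrypt software is $1999.\n"
    "Discount 50% available if you contact us first 72 hours, price is $999.\n"
    "support@freshingmail.top\n"
    "Reserve e-mail address: datarestorehelpyou@airmail.cc\n"
)


def build_sample_tree() -> str:
    """Create a constructed directory layout resembling a hit machine (demo data only)."""
    root = tempfile.mkdtemp(prefix="cdcc_demo_")
    layout = {
        "Pictures/1.jpg.cdcc": b"\x00" * 16,
        "Pictures/2.png.cdcc": b"\x00" * 16,
        "Pictures/_readme.txt": SAMPLE_NOTE.encode(),
        "Documents/report.docx.cdcc": b"\x00" * 16,
        "Documents/_readme.txt": SAMPLE_NOTE.encode(),
        "Documents/untouched.txt": b"hello",  # never encrypted
    }
    for rel, data in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


if __name__ == "__main__":
    report = scan_for_cdcc(build_sample_tree())
    print(f"infected: {report['infected']}")
    print(f"encrypted files: {len(report['encrypted'])}, notes: {len(report['ransom_notes'])}")
    print(f"contacts: {report['contacts']}, amounts: {report['amounts']}")
    for directory, count in sorted(report["dirs_hit"].items()):
        print(f"  {directory}: {count} file(s)")
```

Point `scan_for_cdcc` at a mounted share or a mounted disk image rather than the live system drive where possible; the per-directory counts show how far the encryption got, and the recovered original names tell you which files to look for in backups.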

Cdcc ransom note overview

The ransom note assures the victim that complete recovery of all files, encompassing pictures, databases, and crucial documents, is possible. The files have undergone encryption using strong algorithms and a distinctive key. The note asserts that the exclusive method for file restoration is through the acquisition of a decryption tool and key.

As a guarantee, the note presents an option for a complimentary decryption of one file, with the stipulation that the chosen file should not contain valuable information. The specified cost for obtaining the private key and decryption software is $1999, but a 50% discount is made available if contact is initiated within the initial 72 hours, thereby reducing the price to $999.

The note issues a caution that data restoration is unattainable without payment. In order to get the necessary tools, the victim is directed to reach out to the email address support@freshingmail.top or employ an alternative email address, datarestorehelpyou@airmail.cc.

More about ransomware

Victims are strongly advised to abstain from engaging in negotiations with ransomware attackers and to steer clear of making ransom payments. Regrettably, the chances of gaining free access to files are minimal unless third-party decryption tools are available or files have been backed up.

Additionally, victims should swiftly remove ransomware from compromised computers to thwart potential additional encryptions and prevent the further spread of the threat within a local network. Taking prompt action in this regard is essential to minimize the impact and halt the progression of the ransomware.

Ransomware in general

In summary, ransomware poses a significant threat. This malicious software encrypts files, compelling victims to pay for their decryption. To mitigate the impact of ransomware, individuals and organizations must adopt strong cybersecurity measures, including regular data backups and diligent preventive practices.

Some examples of different ransomware variants are PIRAT HACKER GROUP, CoV, and AeR.

How did ransomware infect my computer?

Threat actors utilize various techniques to distribute Djvu ransomware, such as pirated software, cracking tools, and key generators. Deceptive websites that falsely promise YouTube video downloads, along with emails containing harmful attachments or links, are additional channels through which users may unintentionally trigger ransomware on their systems.

Infections can also originate from interactions with malicious advertisements and acquiring files or programs from peer-to-peer (P2P) networks, torrent websites, third-party downloaders, and similar platforms. Using outdated software can also lead to computer infections.

How to protect yourself from ransomware infections?

Download software and files from trusted sources like official websites and authorized app stores. Be cautious when visiting questionable websites, especially those offering pirated software, cracking tools, key generators, and similar downloads. Always check the safety of email attachments or links before opening them.

Avoid clicking on ads and pop-ups on suspicious websites. Improve overall cybersecurity by installing reliable antivirus and anti-malware software. Keep the operating system, security tools, and other installed software up to date. If your computer is already infected with Cdcc, read this Cdcc Removal Guide to remove the Cdcc file virus and decrypt your files.

There are currently two versions of Djvu ransomware infections: old and new. The old versions were designed to encrypt data by using a hard-coded "offline key" whenever the infected machine had no internet connection or the server was timing out/not responding.

Therefore, some victims were able to decrypt data using a tool developed by cyber security researcher Michael Gillespie. However, since the encryption mechanism was slightly changed (hence the new version, released in August 2019), that decrypter no longer works and is no longer supported.

If your data has been encrypted by an older version, you might be able to restore it with another tool developed by Emsisoft and Michael Gillespie. It supports a total of 148 Djvu variants; you can find more information, as well as the download link and decryption instructions, on Emsisoft's official page.