A new ransomware dubbed CryptoPokemon encrypts user files and demands approximately $104 worth of Bitcoin to decrypt the files.
CryptoPokemon encrypts files using SHA256 + AES128 and comes with a note containing an email address and website to contact the threat actors who describe themselves as “valiant support [who] will help you solve this problem.”
Emsisoft researchers are urging victims to not pay the ransom after they were able to find bugs in the malware’s source code which allowed them to create a free decryptor shared in their April 11 blog post.
All victims must do to remove the malware from your system first, otherwise it will repeatedly lock your system or encrypt files, download the free decryptor tool, run the executable, confirm the license agreement when asked, and simply click start to decrypt the files.
Earlier this month Emsisoft researchers also developed a decryption tool created for ransomware designed to boost PewDiePie subscriptions.