Every other day ransomware removal experts discover a new cryptovirological attack that offers some new insight regarding the massive development in this cybersecurity niche. A malware hunter recently discovered a new ransomware strain that goes by the name Tunca.
The initial examination of this cryptovirological script suggests that it uses vulnerabilities of Microsoft .NET framework to unleash its encryption activity on the affected devices. Experts also believe that Tunca ransomware is still in its developmental phase because it can’t encrypt all the files on the affected device.
After the encryption process ends, the affected files are appended with a ‘tunca’ extension. Instead of text or HTML file, Tunca operators use a pop-up window to display the ransom note. This might sound familiar but Tunca is different from other recently discovered cryptovirological strains due to following reasons.
Ransom is not Asked in Cryptocurrency
We see that nearly every ransomware operator asks for extortion in Bitcoins or other cryptocurrencies. They choose cryptocurrency transactions because of their absolute anonymous nature. However, that’s not the case with Tunca ransomware. Its operators demand 100 Euros through Paysafecard to provide ransomware removal key. Paysafecard is a prepaid online payment portal that doesn’t need any personal information (bank account or credit card details).
Tunca Operators also Offer Free Decryption
Tunca operators are also offering free decryption to the affected users on one condition, i.e. they have to infect 10 other users. This is quite a unique offer that we haven’t seen in earlier ransomware activities. We strongly advise users to not accept this offer. There is no guarantee that you will get the ransomware removal decrypter after becoming an accomplice of cyber criminals (ransomware operators). You can also end up in trouble with law enforcement agencies for deliberately spreading cryptovirological infection.
We recommend you to neither pay extortion nor affect others for free decryption. Instead, get in touch with ransomware removal experts to professionally handle the situation.
