The Curumim ransomware is a harmful computer infection that encrypts numerous files on a computer and demands a ransom. Curumim is another addition to the family of ransomware based on the Hidden Tear open source code. Once the Curumim ransomware gets on the computer and encrypts files, it displays its ransom warning in a program window, which can easily be closed. The warning contains only a few statements regarding the encryption that has just taken place and the Curumim character; hence the name of the infection. Our advice is that you remove the Curumim ransomware immediately after finding that your PC is affected by this nasty threat.
The Curumim threat encrypts files located in different directories and adds the file extension .curumim next to the existing one. Additionally, the infection creates a .txt file containing the same statements as the pop-up ransom warning. According to the infection, a victim has to reach out to someone behind the infection at firstname.lastname@example.org for more information about further actions. The tactic of providing no detailed information in the ransom warning is gaining popularity among ransomware developers, who very often claim that the release fee depends on how quickly victims contact them.
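To scope the damage before cleaning up or restoring from backups, the affected files can be listed by the added extension. The following Python script is an added example, not part of the original article; it assumes .curumim is appended at the end of the file name, and the function name inventory_encrypted and the report layout are illustrative choices.

```python
import os
import sys
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".curumim"  # extension named in the article


def inventory_encrypted(root):
    """Read-only walk of root that describes every file ending in .curumim.

    Returns the affected files (path, original name, size), a count per
    original extension, and the directories that could not be listed.
    Assumption: the extension is appended after the original file name.
    """
    affected, unreadable = [], []
    by_original_ext = Counter()

    def on_error(err):
        # Record unreadable directories so the estimate is not silently short.
        unreadable.append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            if not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue
            original = name[: -len(ENCRYPTED_SUFFIX)]
            path = Path(dirpath) / name
            try:
                size = path.stat().st_size
            except OSError:
                size = None  # file vanished or is locked; keep it in the list
            by_original_ext[Path(original).suffix.lower() or "(none)"] += 1
            affected.append(
                {"path": str(path), "original_name": original, "size": size}
            )
    return {
        "affected": affected,
        "by_original_ext": dict(by_original_ext),
        "unreadable": unreadable,
    }


if __name__ == "__main__":
    report = inventory_encrypted(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(report['affected'])} encrypted file(s) found")
    for ext, count in sorted(report["by_original_ext"].items()):
        print(f"  {ext}: {count}")
    for directory in report["unreadable"]:
        print(f"  could not read: {directory}")
```

The per-extension counts show which kinds of documents need to be restored, and any unreadable directories should be rechecked with sufficient privileges.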
The vast majority of ransomware warnings contain the amount of money required; moreover, the method of payment is given. In the present case, the ransom sum and the payment service are not specified. Usually, victims are required to use the Bitcoin currency, which is not owned or controlled by any central bank, to pay a fee varying from around $50 to $200 or $300. Bitcoin transactions are made anonymously, which has enabled black hat hackers to remain unidentified and earn big revenues. It is essential to ignore the attackers' demands to pay for file decryption because there is no guarantee that encrypted data will be restored. By not paying up, we would deprive hackers of profits, which one day might bring their illegal actions to an end.
Very often, ransom notes are written in English and are not necessarily meant for a particular region. The Curumim ransomware seems to be oriented towards Portuguese-speaking computer users. The ransomware is built using Hidden Tear, which was originally intended for educational purposes and only a bit later became a publicly available tool for building ransomware. It is possible that the Curumim ransomware is just some script kiddies' effort to earn easy money from inexperienced computer users using unprotected computers.
The Hidden Tear ransomware has recently become a powerful tool for creating damaging ransomware. In the beginning, Hidden Tear threats would encrypt only files located in a test directory on the desktop. The absence of such a directory would mean that encryption does not take place; however, the latest Hidden Tear-based infections are capable of much more. For example, the original code used AES encryption, whereas the spin-offs of Hidden Tear code use different encryption algorithms. What is more, some of the threats based on Hidden Tear do not save encryption keys anywhere, which means that the encrypted data is lost for good. That again shows that paying the attackers is a waste of time and money.
The Curumim ransomware should be removed from the computer as soon as its ransom warning appears. Removing a computer infection may seem challenging, but in the present case, you can do it simply by deleting the malicious files. The Curumim threat does not create its files in different directories, so you should manage to do that yourself. Even so, how are you going to prevent similar instances in the future? We recommend using a reputable security tool that can remove Curumim for you and safeguard the system against multiple damaging threats. The sooner you take action to protect yourself and your data, the lower the risk of getting compromised again, so we encourage you to take action right now.