Chinese Coffee is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on February 1, 2022, this ransomware has been actively targeting systems worldwide.
Quick Facts
Ransomware Family
Chinese Coffee
First Seen
February 1, 2022
How Chinese Coffee Ransomware Works
Targeted Files
467e0dce7deac627f86ce46aa0ec23b0265da45dc85564a71cf10bf676f84a6f -> doesn't work (loader, requires files ont gitee)
File Encryption Patterns
Chinese Coffee modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..coffee
Ransom Note and Payment Demands
After encrypting files, Chinese Coffee displays ransom notes demanding payment for file recovery:
file请阅读我.RSA.txt
Ransom message:
notes/请阅读我.RSA.txt
Note locations:
UserFolders
Technical Indicators
Associated Executable Files
The following executable files are associated with Chinese Coffee ransomware:
Updater.exe
csrts.exe
updater.exe
Myou.dll
Elastio Can Help You
Don't let Chinese Coffee ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
This Chinese Coffee ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Chinese Coffee.