- Home
- Detectable Ransomware
- Chinese Coffee
Ransomware Research
Chinese Coffee Ransomware
Chinese Coffee is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on February 1, 2022, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family
- Chinese Coffee
- First Seen
- February 1, 2022
How Chinese Coffee Ransomware Works
Targeted Files
467e0dce7deac627f86ce46aa0ec23b0265da45dc85564a71cf10bf676f84a6f -> doesn't work (loader, requires files ont gitee)
File Encryption Patterns
Chinese Coffee modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..coffee
Ransom Note and Payment Demands
After encrypting files, Chinese Coffee displays ransom notes demanding payment for file recovery:
请阅读我.RSA.txt
Ransom message:
notes/请阅读我.RSA.txt
Note locations:
UserFolders
Technical Indicators
Associated Executable Files
The following executable files are associated with Chinese Coffee ransomware:
Updater.exe
csrts.exe
updater.exe
Myou.dll
Elastio Can Help You
Don't let Chinese Coffee ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Chinese Coffee ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Chinese Coffee.
Last updated: July 30, 2025