Tunca ransomware – a malicious computer infection which appears to be in a development stage

Tunca ransomware is a computer virus which relies on Microsoft .NET framework and it seems to be in the state of development. The cryptovirus was first discovered by a cybersecurity researcher named Leo.[1] This ransomware[2] acts exactly as other of its kind: once installed, Tunca virus performs the encryption process by using AES (advanced encryption standard). Once locked, files end up with the .tunca appendix. Furthermore, a pop-up window appears announcing about the secret invasion. However, this ransomware, unlikely from others, urges for 100 euros to be paid by Paysafecard[3] in order to receive the KGDecrypt key. Also, the crooks provide their lockify@protonmail.com email address to make contact with their victims. However, as the ransomware virus is not capable of locking files on the infected computer, it is clear that it hasn't been finished yet.
| Name | Tunca virus |
|---|---|
| Category | Ransomware |
| Appendix | .tunca |
| Developed by | Microsoft .NET framework |
| Founder | Leo |
| Ransom | 100 euros |
| lockify@protonmail.com | |
| Deletion | Get FortectIntego to detect damaged objects |
Once the user overcomes the Microsoft .NET framework error, the crooks give three options:
- see error details;
- continue;
- quit.
However, if the user chooses the “Continue” button, files are re-encrypted again, and another .tunca extension is added to each locked file. Furthermore, if the victims of Tunca ransomware decide to pick the “Quit” option, nothing happens and files stay encrypted. Here you can see the ransom message:
Ooops, it seems like all of your files have been encrypted with AESencryption algorithm.
Can I get my files back?
-Yes, you can. But you need this following software :
KGDecrypt
– Without the software, no one can decrypt your filesHow do I pay?
-Simply buy a 100€ Paysafecard
-Send message with the Paysafecard PIN to this account :
Lockify@protonmail.com
-Wait for us to confirm your payment
-Get the decryptorHowever, there is a way to get a free decryptor!
How to get the free decryptor?
-Create a link on grabify that will download your victim the ransomware
-With this, infect at least 10 people
-Send proof to : Lockify@protonmail.com
-Get your decryptor
An interesting thing is that the cybercriminals also offer free decryption. However, it might not be that satisfying as it seems. In order to get the decryption tool, crooks require the victim to infect at least ten other users with this dangerous infection. We advise denying both paying and infecting other people. What we suggest is performing the Tunca ransomware removal with reputable tools only. Furthermore, try using FortectIntego to discover all malware-laden content.
The keys that are used by ransomware to encrypt and decrypt files are stored on remote servers. This hardens the decryption process even for tech-experts. However, that does not mean you have to agree with the crooks' solutions. No! After you remove Tunca virus, we suggest scrolling down this article and finding the data recovery methods. Even though these tools are third-party ones, they are still a better option than contacting the cybercriminals and risking to get scammed.
Note that, ransomware viruses can be extremely dangerous, especially, when they have other damaging abilities such as injecting other infections, placing rogue content in the system, avoiding the detection of antivirus programs, and so on. Tunca ransomware is also a threat you should get rid of as soon as possible. If you experience any ransomware-related signs such as encrypted files, rogue processes running, or the ransom message, you should take actions against the malicious activity immediately.

Email spam – ransomware's main distribution source
According to tech experts from Virusai.lt,[4] ransomware infections are most likely to come from rogue emails messages and their attachments, or links. Crooks inject malicious content to an URL which is placed inside the email letter or add a malware-laden file to the message itself. Be careful while opening suspicious-looking messages, or even better – do not open them at all. Send all rogue content straight to the trash section and delete it permanently.
Furthermore, there are some other sources that might spread ransomware infections. P2P networks and other secondary websites can be filled with potentially dangerous content. The only way to avoid it is staying cautious while browsing the web and entering various sites. However, you can increase the system's protection automatically by using reliable anti-malware tools. Besides, do not hesitate to invest in a reputable one!
Terminate Tunca virus
To remove Tunca virus, use the automatical elimination technique only. Specific anti-malware tools are created for malware elimination purposes. Furthermore, it is important to catch each infected component in the system. For this purpose, we offer to download and install a reliable computer tool such as FortectIntego, SpyHunterCombo Cleaner, or MalwarebytesMalwarebytes.
Later on, after you perform the Tunca ransomware removal, make sure you carry out some system backups and refresh your entire computer. After that, take a look at our below-provide data recovery methods. Make sure that you choose the most suitable software for you, otherwise, you might not reach wanted results. For example, if you want to use Shadow Explorer but the virus has erased Shadow Copies, better choose another method as this one is very likely not to work properly.
Was this guide helpful?
Be the first to comment