
CryptoFortress

Posted: March 6, 2015

Threat Metric

Threat Level: 10/10
Infected PCs: 77
First Seen: March 6, 2015
OS(es) Affected: Windows

CryptoFortress is a file encryptor Trojan that uses an RSA encryption algorithm to make your stored data unreadable. After modifying your files, CryptoFortress also places instructions on your hard drive demanding cash payment in return for their restoration. As with other file encryption Trojans, there is no guarantee that CryptoFortress's operators will keep their word after receiving payment, which is why malware experts recommend alternative solutions to its attacks. Anti-malware tools in conjunction with good file backup strategies should allow you to both remove CryptoFortress and protect your data from its attacks.

A Bastion of Illicit Activities Extending Over Your Network

CryptoFortress is a probable spinoff of the similar TorrentLocker Trojan, or, alternatively, was likely developed by the same team. Although the similarities in ransom messages between these two threats are significant, malware analysts recently verified that CryptoFortress also differentiates itself from TorrentLocker: CryptoFortress can attack a broader range of files. Besides ransoming the files on the victim's primary hard drives, CryptoFortress also attacks network-shared files, regardless of whether or not you map them to a drive letter.

CryptoFortress's file encrypting attack uses a difficult-to-decrypt RSA algorithm that modifies your files to make them unreadable. Modified files can be recognized by the addition of the '.frtrss' extension, after their default file type suffixes. Malware analysts noted that CryptoFortress, like other file encryptors of late, also deletes the Shadow Volume Copies that would allow you to restore your files from an automatic backup (such as via System Restore).
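The '.frtrss' marker and the reach into unmapped network shares described above can be used to scope an incident from a file listing. The following is an added example, not code from the original page: the function names and the sample paths are constructed for illustration, and the only indicator it relies on is the extension named in the text.

```python
import ntpath
import os
from collections import defaultdict

MARKER = ".frtrss"  # extension the page says is appended after the original suffix

def original_name(path):
    """Return the pre-encryption file name, or None if the path lacks the marker."""
    name = ntpath.basename(path)
    if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
        return None
    return name[:-len(MARKER)]

def scope_impact(paths):
    """Group marked files by volume: a drive letter or a UNC share (mapped or not)."""
    report = defaultdict(lambda: {"kind": None, "files": 0, "types": defaultdict(int)})
    for path in paths:
        orig = original_name(path)
        if orig is None:
            continue
        # ntpath parses Windows paths on any OS; UNC paths yield \\server\share
        volume, _ = ntpath.splitdrive(path)
        entry = report[volume.lower()]
        entry["kind"] = "network share" if volume.startswith("\\\\") else "local or mapped drive"
        entry["files"] += 1
        entry["types"][ntpath.splitext(orig)[1].lower() or "(none)"] += 1
    return {v: {**e, "types": dict(e["types"])} for v, e in report.items()}

def walk(root):
    """Yield every file path under root (a drive or a UNC share path)."""
    for folder, _dirs, files in os.walk(root):
        for f in files:
            yield os.path.join(folder, f)

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.frtrss",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Pictures\trip.JPG.FRTRSS",
    r"\\fileserver\finance\2015\q1.docx.frtrss",
    r"\\fileserver\finance\2015\q1.docx",
    r"\\FILESERVER\finance\readme.frtrss",
]

if __name__ == "__main__":
    for volume, info in scope_impact(SAMPLE).items():
        print(volume, info)
```

On a live host, pass `walk(root)` for each drive and each share the account can reach to `scope_impact` instead of the sample list; the per-volume counts and original file types show which backups need to be restored.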

An HTML ransom instruction delivered by CryptoFortress requests a sum in exchange for decrypting the affected files, with current ransoms holding at one Bitcoin (currently 274 USD). Although CryptoFortress does appear to have some limited decryption functions, as shown by its 'sample' decryption feature, its developers have no reason to honor any further decryption promises once they receive the ransom.

Dealing with a Nuclear-Delivered Trojan

CryptoFortress is one of the various forms of threats in payloads from the NuclearPack Exploit Kit, a browser-based threat that uses software vulnerabilities in its attacks. While the numbers behind CryptoFortress's current campaigns are still being estimated, this delivery method does have high potential for achieving elevated numbers of infections on a global scale. Updating your software and using proactive anti-malware security with your browser are the two defenses most effective against Exploit Kits, including the ones delivering CryptoFortress.

Meanwhile, CryptoFortress's encryption routine also shows signs of third parties with eyes on a large-scale ransom campaign. PC users who use network backups or permanently-attached storage devices should consider alternative means of formatting their backups that are less vulnerable to CryptoFortress's known capabilities. Whatever choice in file restoration you prefer to use, deleting CryptoFortress with anti-malware software should be your highest priority, after which you can take any steps needed to save your data.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



Dir\CryptoFortress __ 2015-03-12.exe
File name: CryptoFortress __ 2015-03-12.exe
Size: 228.86 KB (228864 bytes)
MD5: e6dda3e06fd32fc3670d13098f3e22c9
Detection count: 10
File type: Executable File
Mime Type: unknown/exe
Path: Dir
Group: Malware file
Last Updated: May 14, 2017