
CryptoJacky Ransomware

Posted: March 8, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 80
First Seen: March 8, 2017
OS(es) Affected: Windows

The CryptoJacky Ransomware is a Trojan that blocks your files by encrypting their contents with an AES algorithm. Its attacks include fraudulent legal notifications implying that the data-blocking effect is a penalty for you breaking unspecified Internet regulations. Ignore the ransom-based recovery method and other information this threat provides and use anti-malware products to remove the CryptoJacky Ransomware, after which you may recover your files by other means.

The Trojan Jacky Takes You for a Rube

While ransom-based threats, such as file-encryptor Trojans, currently make little effort to hide the real motives of their attacks, the threat industry goes through periodic shifts in methodology. An older trend among money-extorting Trojans was to pose as a legitimate program installed by a law enforcement agency as a penalty for supposed transgressions. Now, malware researchers have identified a Trojan that 'splits the difference' between the old and new tactics: the CryptoJacky Ransomware.

The CryptoJacky Ransomware targets Spanish speakers exclusively, although its distribution methods have not yet been confirmed. Once installed, the CryptoJacky Ransomware loads a secondary executable that scans for, and encrypts, files in formats such as DOC, RTF and MPG. This encryption, which locks the affected data by enciphering its contents, uses AES (the Rijndael cipher). After blocking this content, the CryptoJacky Ransomware places three extra files on the desktop.

The desktop additions include two LNK files that generate Windows-based pop-ups, as well as a direct link to a ransom transaction Web address. The former provides Spanish-language instructions for paying a Bitcoin sum for decrypting (and thereby unlocking) your files, as well as claims that the attack is occurring to punish the PC user for non-specific, online illicit behavior. As usual, malware experts are seeing no evidence of the CryptoJacky Ransomware being anything other than the project of a lone con artist.
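Because the Trojan's encryption leaves the affected DOC, RTF and MPG files unreadable, a defender checking a machine or a backup set wants a quick way to tell intact documents from enciphered ones. The script below is an added example written for this page, not code from the original article or from the Trojan; it combines a Shannon-entropy test with a check for each format's expected leading bytes, and the sample files, the 7.5-bit threshold and the small magic-byte table are all my own constructed assumptions. The magic-byte check matters here because MPG video is already compressed and so scores high on entropy even when untouched.

```python
import math
import os
from collections import Counter

# Expected leading bytes for the file types named in the article.
# Constructed/assumed table for this example: OLE2 container (DOC),
# RTF header, and an MPEG program-stream pack header (MPG).
MAGIC = {
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".rtf": b"{\\rtf",
    ".mpg": b"\x00\x00\x01\xba",
}

# Assumed threshold: AES ciphertext sits close to 8 bits/byte.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; an empty buffer yields 0.0."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def looks_encrypted(ext: str, data: bytes) -> bool:
    """Flag a file whose expected header is missing AND whose contents are
    near-random. A correct header for a compressed format (MPG) is enough to
    clear it, which avoids false positives on legitimately dense media."""
    if not data:
        return False  # empty or truncated files carry no evidence either way
    magic = MAGIC.get(ext.lower())
    if magic is not None and data.startswith(magic):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def find_suspect_files(files: dict) -> list:
    """files maps name -> bytes; returns sorted names that look enciphered."""
    suspects = []
    for name, data in files.items():
        ext = os.path.splitext(name)[1]
        if looks_encrypted(ext, data):
            suspects.append(name)
    return sorted(suspects)


# Constructed sample set (no real victim data): random bytes stand in for
# AES ciphertext, which is statistically indistinguishable for this purpose.
SAMPLE_FILES = {
    "plain.rtf": b"{\\rtf1\\ansi Quarterly notes, nothing unusual here. " * 80,
    "video.mpg": MAGIC[".mpg"] + os.urandom(2048),  # compressed but intact
    "locked.doc": os.urandom(4096),                  # header gone, near-random
    "empty.doc": b"",                                # nothing to judge
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name:12s} entropy={shannon_entropy(data):.2f}")
    print("suspect:", find_suspect_files(SAMPLE_FILES))
```

Run against a directory of restored backups, the same `find_suspect_files` logic (fed with real file contents) tells you whether the copy you are about to trust was taken before or after the Trojan ran; the magic table should be extended for every format the environment relies on.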

Shredding the Latest Trojan Disguises

While the CryptoJacky Ransomware makes attempts to pretend that it's a law-enforcement program, it lacks many of the tools that earlier, ransom-based threats used to convince their victims of the hoax. However, PC users not backing up their files to safe locations regularly remain at risk for file damage that even professional cyber security experts may be unable to reverse. For Trojans like the CryptoJacky Ransomware, with no known family, malware experts can recommend no solution superior to protecting your PC and data preemptively, such as by backing everything up to another server.

Since the CryptoJacky Ransomware demands its 250 Euro fee in Bitcoins, anyone paying its ransom will be unable to cancel the transaction if the con artists fail to deliver the decryption solution. Similar Trojans may make the same demands for money without ever saving the required decryption key or implementing the other features needed for data recovery. However, many brands of anti-malware products currently detect the early versions of the CryptoJacky Ransomware as a threat, raising the prospects of deleting it before it encrypts any files.

Even when you have adequate anti-malware tools to do so, removing the CryptoJacky Ransomware after it locks your content is a sub-optimal solution. Likewise, PC owners remain their own greatest security risk, as long as Trojans are willing to lie for the sake of money.
