CryptoRoger Ransomware
Posted: June 22, 2016
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 34 |
| First Seen: | June 22, 2016 |
|---|---|
| OS(es) Affected: | Windows |
The CryptoRoger Ransomware is an encryption Trojan: a threat that uses encryption technology to block access to content. Remote attackers implement such attacks in the hope of reaping ransom fees in return for restoring your content, although paying a ransom never is a definitive solution. Always uninstall the CryptoRoger Ransomware with the anti-malware product of your choice while using third-party methods of recovering any damaged data.
A not-so-Jolly Roger for Your Files
Even with the hundreds of major variations of threatening file encryptors already in distribution, threat authors show no signs of slowing the pace of developing new ones. The CryptoRoger Ransomware is a new Trojan of this archetype only discovered by MalwareBytes researchers in the twenty-first of June. The CryptoRoger Ransomware corresponds to most of the trends in encryptor Trojans to date, with one exception: maintaining system persistence for future attacks.
The CryptoRoger Ransomware starts its payload with attacking files of as of yet unconfirmed formats, with documents, spreadsheets, images, and audio data being at a particular risk. The CryptoRoger Ransomware uses a robust AES-256 algorithm for encrypting all of that content, also adding '.crptrgr' extensions to each one. A text file inside the AppData folder stores data related to the attacked content and an HTML ransom message opens at the end of the process automatically.
All of these attacks are very traditional for any file encrypting Trojan. However, malware researchers also verified the presence of changes to the Windows Startup routine that enables the CryptoRoger Ransomware's automatic launch with each reboot. The CryptoRoger Ransomware then can encrypt any new files on the machine. This behavior differs significantly from past file encryptors, which rarely ran more than once, and sometimes even self-uninstalled after the fact.
Overcoming a File Pirate Before It Sails Off with Your Money
The CryptoRoger Ransomware's business model is reliant on PC users who don't protect their local data by backing it up to a remote source. Furthermore, it only can achieve future profitability from the ransoms paid by its victims. These ransoms never are guarantees of a working decryptor, and malware experts always endorse alternatives when practical, such as storing any important files on USB drives.
Due to the CryptoRoger Ransomware's more unique properties, you should avoid restarting an infected computer more than necessary for appropriate security protocols (such as using Safe Mode). The introduction of new files to your machine also should be eschewed until your anti-malware programs can remove the CryptoRoger Ransomware, including its Registry and startup components. Although the CryptoRoger Ransomware has shown no characteristics of having advanced security countermeasures, any manual removal does include the risk of harming components of unrelated software and even Windows.
The hundreds of dollars the CryptoRoger Ransomware's threat actors demand in exchange for returning your belongings back to you doesn't come with legal or technological protection that could verify a commensurate decryption service. If you believe the contents of your hard drive are valuable, taking steps to secure it before an infection occurs is vastly cheaper and safer than paying the CryptoRoger Ransomware's con artists and hoping for their goodwill.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:6b98fd062fbf0984dd3589edb092fa80
File name: 6b98fd062fbf0984dd3589edb092fa80Size: 172.03 KB (172032 bytes)
MD5: 6b98fd062fbf0984dd3589edb092fa80
Detection count: 93
Group: Malware file
Last Updated: June 22, 2016
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.