
Cyspt Ransomware

Posted: January 29, 2019

The Cyspt Ransomware is a variant of the AresCrypt Ransomware, a file-locking Trojan that blocks your data with AES-256 encryption. Its payload includes some supporting features, such as closing some security-related programs and communicating over the network. Have your anti-malware products block and delete the Cyspt Ransomware as a high-level threat to your PC's files, and keep external backups to counteract any encryption damage.

Criminals Borrowing Someone Else's Trojan

Months after the BlackFireEye Ransomware sprang up, another member of the AresCrypt Ransomware's family is appearing, with budgetary considerations that explain its existence. The criminal author, who is doing little more than changing the name of the program to the Cyspt Ransomware, is asserting poverty on social media as an explanation for both the extortion campaign and its use of preexisting software. For anyone under attack, however, their files are locked just as thoroughly as if the attacker had hired out a traditional Ransomware-as-a-Service product like the Crysis Ransomware.

The Cyspt Ransomware uses AES-256 encryption to attack media files in Windows environments. Although the operating system shouldn't suffer any damage, documents, databases, pictures and other recreational or work data are at risk. The Cyspt Ransomware also appends a new 'OOFNIK' extension to the ends of their names, which is not a part of the first AresCrypt Ransomware. Malware experts have yet to find any vulnerabilities that would allow decrypting these blocked files through a third-party tool or code.
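For scoping the damage after an incident, the appended 'OOFNIK' extension can be used to inventory affected files. The following is an added example, not code from the original article; it assumes the marker is appended as a dot-extension and matched case-insensitively, and the function names and sample file names are hypothetical.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

# Assumption: the marker is appended as a dot-extension; matched case-insensitively.
MARKER = ".oofnik"

def scan_for_marker(root, marker=MARKER):
    """Return {directory: [(locked_name, original_name, mtime), ...]} under root."""
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Skip a file that is only the marker itself (no original name left).
            if not name.lower().endswith(marker) or len(name) == len(marker):
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # vanished or unreadable file: skip rather than abort
            hits[dirpath].append((name, name[: -len(marker)], mtime))
    return dict(hits)

def summarize(hits):
    """Total marked files plus the (first, last) modification window in UTC."""
    times = [m for entries in hits.values() for (_n, _o, m) in entries]
    if not times:
        return {"total": 0, "window": None}
    utc = lambda t: datetime.fromtimestamp(t, tz=timezone.utc)
    return {"total": len(times), "window": (utc(min(times)), utc(max(times)))}

def demo():
    """Run the scan over a constructed tree of empty placeholder files."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in ("report.docx.OOFNIK", "photo.jpg.oofnik", "notes.txt"):
            open(os.path.join(docs, name), "w").close()
        hits = scan_for_marker(root)
        return hits, summarize(hits)

if __name__ == "__main__":
    hits, summary = demo()
    for directory, entries in hits.items():
        print(directory, sorted(original for _n, original, _m in entries))
    print(summary)
```

The modification-time window is only a rough bound on when the files were locked, and the recovered original names give a list to check against backups.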

The Cyspt Ransomware creates a detailed pop-up for delivering its author's ransoming demands, which ask for Bitcoins (to an empty and unused wallet, as of this article's publication date). Other significant features embedded in it include a countdown until the price rises, a customer ID, a payment checker, and a built-in decryptor that malware experts have yet to verify. All of these features are commonplace in similar threats, particularly RaaS families like the Globe Ransomware.

The Problems You Might Forget About While You're Clicking Your Files

The Cyspt Ransomware offers more than 'only' encryption as a danger to your PC. It includes back-and-forth C&C communications for alerting the threat actor and securing the encryption, along with some features for terminating counteractive security software. In particular, the Cyspt Ransomware and other AresCrypt Ransomware variants will avoid virtual environments and may automatically close any processes related to sandbox services.

The Cyspt Ransomware's ransom is cheap, which isn't necessarily an indication of the safety of paying it. However, fees of under one hundred USD are usually for campaigns attacking random PC users through torrents, bundled or mislabeled downloads, malvertising, and piracy download websites. Most anti-malware suites provide various defenses against all of these infection vectors and can remove the Cyspt Ransomware from your computer automatically.

The Cyspt Ransomware costs the threat actor abusing it nothing other than a microscopic amount of time. To keep it from extorting substantially more than that, you should back up your work and be more than a little careful about downloads that might be Trojans in waiting.
