
Holycrypt Ransomware

Posted: July 20, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 74
First Seen: July 20, 2016
OS(es) Affected: Windows


The HolyCrypt Ransomware is a Trojan that encrypts the contents of an infected PC and loads a ransom note demanding payments in exchange for giving you back your data. In addition to recognizing the easily-visible symptoms of such attacks, you can protect your files by backing them up to locations the HolyCrypt Ransomware can't access. Even if you choose not to recover your information, malware experts can't endorse any response to the HolyCrypt Ransomware that doesn't entail using appropriate anti-malware products for uninstalling it.

A Holy Terror for Your Hard Drives

Incentive is often an essential part of any threat operation that requires some level of consent from a victim. The importance of forcing a target into the desired course of action is often stressed in 2016's file-encrypting Trojans, of which malware experts have identified another member: the HolyCrypt Ransomware. This Trojan campaign still uses images for delivering its extortion demand and encryption for the initial motivation, but also adds an element of time pressure to its attacks.

The HolyCrypt Ransomware currently appears to use asymmetric (RSA) and AES-based encryption methods, which maximizes the difficulty of decrypting any affected files without charge. This Python-based Trojan (a rare but not unheard-of characteristic among threats) also renames the encrypted contents with the unusual choice of adding the '(encrypted)' prefix, rather than the suffixes that most file encryptors prefer. As always, the encrypted data can't be read without being run through an appropriate decryption routine, and the HolyCrypt Ransomware's con artists control the key needed to run it.

Although malware experts failed to find any 'live countdown' timing elements associated with the HolyCrypt Ransomware, they did note that its images include an embedded, static countdown warning. In theory, failing to pay the HolyCrypt Ransomware's fee in time (twenty-four hours) could prompt the con artists to make the data irrecoverable.

Successfully Lowering the Flag of a Malware Attack

The pirate-themed skull and crossbones of the HolyCrypt Ransomware's image instructions is a thematically appropriate identifying attribute, but warnings from this Trojan are of no greater significance than those of any file-encrypting threat. Any PC owner who keeps backups in locations unassailable by most threats, such as a password-locked server or a remote device, can overwrite their files and ignore the problems of decryption. Since new decryption solutions are often needed for new threats of the HolyCrypt Ransomware's type, you may also wish to provide samples, when available, to any security companies requesting them.

The HolyCrypt Ransomware's perpetrators may provide a motive for paying them, but neglect to inform their victims that there is no matching incentive to deliver on any promised decryption assistance. You should never treat paying extortion fees to the operators of the HolyCrypt Ransomware's campaign as a guaranteed recovery option. Any such ransom payments are always made at your own risk, and may result in losses of thousands of dollars with no net benefit.

While our malware experts have noted mildly unusual changes in the HolyCrypt Ransomware's format from those of old threats, a successful defense against this campaign still uses the same tactics as previously. Real-time security monitoring and common sense are the only defenses most PC users need to stop the initial infection methods, leaving the need to remove the HolyCrypt Ransomware with a good anti-malware tool a strictly theoretical problem.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 5.14 MB (5143601 bytes)
MD5: 4313fd0a3d2cbedd4570230931833fe1
Detection count: 64
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: July 20, 2016
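
The two indicators this page gives, the '(encrypted)' filename prefix and the MD5 listed above for file.exe, can be swept for together. The following triage script is an added example, not code from the original page; it assumes the prefix appears literally at the start of the renamed file's name, and the function names and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

PREFIX = "(encrypted)"                          # rename marker described on this page
KNOWN_MD5 = "4313fd0a3d2cbedd4570230931833fe1"  # file.exe hash from Technical Details


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so multi-megabyte samples are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_md5=KNOWN_MD5):
    """Return (renamed, dropper_hits): files carrying the prefix and .exe files matching the hash."""
    renamed, dropper_hits = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower().startswith(PREFIX):   # assumption: prefix starts the file name
                renamed.append(path)
            elif name.lower().endswith(".exe"):
                try:
                    if md5_of(path) == known_md5:
                        dropper_hits.append(path)
                except OSError:
                    continue  # locked or unreadable file: skip it, do not abort the sweep
    return sorted(renamed), sorted(dropper_hits)


def build_sample_tree(root):
    """Constructed sample data: two renamed files, one clean document, one benign .exe."""
    os.makedirs(os.path.join(root, "Documents", "reports"))
    for rel in ("Documents/(encrypted)budget.xlsx",
                "Documents/reports/(encrypted)q2.docx",
                "Documents/notes.txt", "Documents/setup.exe"):
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(b"constructed placeholder bytes")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        renamed, hits = triage(tmp)
        print(f"{len(renamed)} renamed file(s), {len(hits)} hash match(es)")
```

The list of prefixed files shows how far encryption spread and which items need restoring from backup. A hash match identifies only the one sample listed here, so an empty hash list does not clear the machine.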