
CorruptCrypt Ransomware

Posted: November 21, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 30
First Seen: September 30, 2021
OS(es) Affected: Windows

The CorruptCrypt Ransomware is a Trojan that locks your files by encrypting them with the AES-256 algorithm and then delivers ransom notes demanding payment for the unlocking tool. Windows systems compromised by the CorruptCrypt Ransomware also may show changes to the names of their files and errors related to exhausted disk space. If possible, have your anti-malware programs block and remove the CorruptCrypt Ransomware immediately, and use backups or free decryption assistance to retrieve any blocked media.

Trojans Throwing Spare Garbage into Your Hard Drive

Using encryption to hold digital data hostage for payment is a long-established illicit tactic with numerous variations, many of which depend on peripheral features that play no central role in either the encryption attack or the transfer of money. One of the newer file-locker Trojans that malware researchers can verify shows a handful of sharp differences from the baseline, even though its encryption method is very standard. The threat under analysis, the CorruptCrypt Ransomware, gives its victims additional hard drive problems to struggle through while delivering its demands for ransom money.

The CorruptCrypt Ransomware isn't a member of Hidden Tear or any other readily identifiable family of file-locking threats, although its main line of attack is typical of those Trojans. The CorruptCrypt Ransomware uses AES encryption with a 256-bit key to 'lock' an arbitrary range of data formats, including documents, archives and images, by encrypting them. The CorruptCrypt Ransomware also is the first Trojan of its kind that malware analysts can confirm alternates how it modifies the names of the hostage media: odd-numbered files receive an extension based on an e-mail address, and even-numbered ones receive the '.corrupt' extension. Neither variant removes any part of the original name (therefore, 'one.bmp' would become 'one.bmp.acryhjccbb@protonmail.com' or 'one.bmp.corrupt').

The other meaningful feature that malware experts have isolated is one that floods the storage space on the infected PC's hard drives. The CorruptCrypt Ransomware creates a 'fill\fill0' file in the C drive and pads it with junk data until the drive has no free space left. The Trojan's threat actors may use this attack to eliminate the backup data that advanced recovery tools could otherwise use to restore the victim's encrypted media indirectly. In addition, most applications require some amount of free disk space to perform correctly, and this lack of space can cause crashes or poor performance.
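The two artefacts described in the preceding paragraphs (the alternating '.corrupt' and e-mail-address extensions appended to otherwise intact file names, and the junk 'fill\fill0' file on the C drive) are both visible in a plain directory listing, which makes them cheap to triage during incident response. The following is an added example written for this page, not code from the Trojan or from the original article: it takes a constructed list of paths, recovers the original names of locked files by stripping the appended suffix, and flags the fill file. The directory listing, the user name and the document paths are all constructed sample data.

```python
"""Triage helper for the CorruptCrypt Ransomware indicators described above.

Added example, not the Trojan's code and not from the original article. It
scans a constructed directory listing for the two artefacts the page names:
the alternating '.corrupt' / 'acryhjccbb@protonmail.com' extensions appended
to otherwise intact names, and the junk 'fill\\fill0' file on the C drive.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Extensions the article reports; the e-mail address is the one the page quotes.
EMAIL_EXT = ".acryhjccbb@protonmail.com"
CORRUPT_EXT = ".corrupt"

# Junk-fill artefact on any drive letter (path separators normalised to '/').
FILL_FILE_RE = re.compile(r"^[a-zA-Z]:/fill/fill0$")


@dataclass
class Finding:
    path: str
    kind: str                             # "locked-email", "locked-corrupt" or "fill-file"
    original_name: Optional[str] = None   # recovered name for locked files


def _normalise(path: str) -> str:
    """Accept Windows-style listings by converting backslashes to slashes."""
    return path.replace("\\", "/")


def recover_original_name(name: str) -> Optional[Tuple[str, str]]:
    """Return (original_name, kind) if `name` carries a CorruptCrypt extension.

    Both variants only append a suffix, so stripping it yields the original
    name ('one.bmp.corrupt' -> 'one.bmp'). Returns None for untouched files.
    """
    lower = name.lower()
    if lower.endswith(EMAIL_EXT):
        return name[: -len(EMAIL_EXT)], "locked-email"
    if lower.endswith(CORRUPT_EXT):
        return name[: -len(CORRUPT_EXT)], "locked-corrupt"
    return None


def triage(paths: Iterable[str]) -> List[Finding]:
    """Walk a listing and collect every path that matches one of the indicators."""
    findings: List[Finding] = []
    for raw in paths:
        path = _normalise(raw)
        if FILL_FILE_RE.match(path):
            findings.append(Finding(raw, "fill-file"))
            continue
        name = path.rsplit("/", 1)[-1]
        hit = recover_original_name(name)
        if hit:
            original, kind = hit
            findings.append(Finding(raw, kind, original))
    return findings


def summarise(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per kind; roughly equal locked-* counts match the
    odd/even alternation the article describes."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample listing (hypothetical user and paths, not real artefacts).
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\one.bmp.acryhjccbb@protonmail.com",
    r"C:\Users\alice\Documents\two.docx.corrupt",
    r"C:\Users\alice\Documents\three.zip.acryhjccbb@protonmail.com",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\fill\fill0",
    r"C:\Windows\System32\kernel32.dll",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LISTING):
        print(f"{f.kind:15} {f.path}" + (f"  -> {f.original_name}" if f.original_name else ""))
    print(summarise(triage(SAMPLE_LISTING)))
```

Because neither renaming variant alters the original name, the recovered names can be used directly to match locked files against a backup set; the fill-file check is separate so that a listing with no renamed files but an unexplained full C drive still produces a finding.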

Removing the Guesswork from Avoiding Corruption

The CorruptCrypt Ransomware campaign seems to be in its early testing phase, and malware researchers have no current information on how its threat actors might install it or what ransoms they could demand for their decryption help. However, the AES-based locking that such Trojans use is often breakable with third-party tools, and victims without safe backups should contact an appropriate security researcher to see if they can recover their blocked media without paying. File-locking Trojans may be distributed through brute-force attacks, disguised e-mail attachments, and a variety of Web browser-based exploit kits.

The CorruptCrypt Ransomware also has one other trait worth highlighting: its currently very high rate of evasion against the AV industry's threat detection solutions. Always update your anti-malware programs whenever prompted, so that they can identify new threats accurately as soon as possible. While uninstalling the CorruptCrypt Ransomware still should be done with appropriate anti-malware products or other professional assistance, doing so will not recover any of the victim's locked files automatically.

The CorruptCrypt Ransomware is an ambitious evolution of the file-locking Trojan archetype. Some of its features are highly 'noisy,' while others are stealth-oriented, but in the hands of a capable cybercrook all of them amount to extortion and data loss.
