CRBR Encryptor Ransomware

The CRBR Encryptor Ransomware is a variant of the Cerber Ransomware, a Trojan that locks your files by encrypting their internal data and makes money from selling its decryptor. Although most of the changes to this threat are branding-based, users should continue defending their media by backing it up and having security software guarding against the most common infection vectors. While free decryption may not be possible, anti-malware products may interrupt the encryption attack by deleting the CRBR Encryptor Ransomware when the victim opens it accidentally.

New Names for Old Faces in Data-Locking Attacks

Apparently, threat actors with access to the Cerber Ransomware's code are dissatisfied with the brand identity of their malicious 'product.' Another update (following in the steps of the Cerber2 Ransomware, the Cerber3 Ransomware, the Cerber 6 Ransomware, et cetera) is being caught and analyzed as of late June, this time, using the name of the CRBR Encryptor Ransomware. Its authors haven't modified the earlier encryption feature substantially, which means that the Trojan is just as capable of locking your files permanently no matter what it names itself.

The CRBR Encryptor Ransomware is being sent out to target businesses and other, ransom-vulnerable entities as part of a spamming campaign using fake e-mail messages, particularly ones claiming to be from a Microsoft security team. The attached JavaScript file installs the CRBR Encryptor Ransomware automatically. Alternately, some victims are exposing themselves to this threat after loading the Magnitude Exploit Kit on a compromised website.

The Trojan proceeds to lock media like documents and spreadsheets by encrypting it, a function also including a name-changing feature to overwrite the entire original filename. The CRBR Encryptor Ransomware also inserts 'a82d' as a replacement extension, regardless of any original format.

Its threat actors are placing both text and Web page ransoming messages in the affected folders, which deliver the same pay-for-decryption instructions as that of the next-youngest version of the Cerber Ransomware. The use of Bitcoin as the currency of choice prevents you from receiving a refund if the con artists choose not to give you any decrypting assistance.

Keeping Your Protection Modernized against the Latest Trojan Tech

Malware analysts have yet to determine why the CRBR Encryptor Ransomware's threat actors felt the need to change the brand, and little else, about the CRBR Encryptor Ransomware, compared to the last few versions of the family. While it's using a new identity, the Trojan's installation exploits are extremely traditional. Anti-malware products should block corrupted e-mail attachments or EKs using drive-by-download attacks against your PC. Disabling abusable content like JavaScript or macros also is beneficial.

The CRBR Encryptor Ransomware has no free decryptor available to the public, for now, and you may not see one in the future. Consistently, saving a backup on a device not vulnerable to a Trojan attack provides the most straightforward and inexpensive recovery method for potentially damaged files. Without backups, blocking and removing the CRBR Encryptor Ransomware prematurely with anti-malware software is the only way to guarantee the safety of your documents, archives, pictures and other media.

The fact that the CRBR Encryptor Ransomware isn't experiencing many updates to its internal functions is likely because its attacks still are successful financially. PC users that aren't doing their part to keep what's theirs safe, sadly, may be enabling the Cerber Ransomware brand to live on with a new name for 2017.

Technical Details