
CreamPie Ransomware

Posted: August 27, 2018

The CreamPie Ransomware is a file-locking Trojan that can encrypt documents, pictures, and similar media files to stop them from opening. Its attacks also include changes to filenames, and, in the future, may support creating ransoming messages, such as pop-ups or text notes. Let your anti-malware products delete the CreamPie Ransomware immediately, when possible, and have backups available for recovering anything that this Trojan damages.

The Windows Dessert that Bites Back

A file-locking Trojan without any ransoming demands, but with the appropriate attacks for blocking data and holding them hostage, is just starting to become identifiable on public-facing threat databases. Like the Kryptonite RBY Ransomware, the Xolzsec Ransomware, the SevenDays Ransomware, and other, seemingly incomplete threats, the new CreamPie Ransomware creates no text messages or pop-ups. However, its threat actor uses other means of providing an e-mail address, probably as the intended method of negotiating for recovering your files.

The CreamPie Ransomware runs a typical encryption feature, similar to that of Hidden Tear or the Russian Scarab Ransomware family, that searches for local media to block according to format and directory location, such as JPGs and the user's Windows profile folders. It also renames every file it locks, appending a bracketed e-mail address and the 'CreamPie' extension; the address most likely serves as the point of contact for learning about the threat actor's ransom demands.
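As an added illustration that is not part of the original article, nor code from the Trojan itself: a triage script that recognises the renaming pattern described above and inventories affected files so an analyst knows which originals to restore from backup and which contact address the attacker embedded. The exact separators in the locked name and the address contact@example.invalid are assumptions; the article only states that a bracketed e-mail address and the 'CreamPie' extension are appended.

```python
import os
import re
from collections import Counter
from pathlib import Path, PureWindowsPath

# Assumed layout of a locked file's name (the article gives the parts, not the
# separators):  <original name>.[<e-mail>].CreamPie   (extension case may vary)
LOCKED_NAME = re.compile(
    r"^(?P<original>.+)\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]\.CreamPie$",
    re.IGNORECASE,
)

def parse_locked_name(name):
    """Return (original_name, email) if `name` carries the locked-file pattern, else None."""
    m = LOCKED_NAME.match(name)
    return (m.group("original"), m.group("email")) if m else None

def summarize_locked_names(paths):
    """Summarise locked files from an iterable of paths: which ones, which contact
    addresses they embed, and how many files of each original extension were hit."""
    affected, emails, by_ext = [], set(), Counter()
    for path in paths:
        # PureWindowsPath splits on both '\' and '/', so Windows and POSIX paths work.
        parsed = parse_locked_name(PureWindowsPath(path).name)
        if parsed is None:
            continue  # untouched file, or a name that merely contains brackets
        original, email = parsed
        affected.append(path)
        emails.add(email.lower())
        by_ext[Path(original).suffix.lower() or "(none)"] += 1
    return {"affected": sorted(affected), "emails": sorted(emails), "by_extension": dict(by_ext)}

def inventory_locked_files(root):
    """Walk `root` on disk and summarise every file carrying the locked-name pattern."""
    return summarize_locked_names(
        os.path.join(d, f) for d, _dirs, files in os.walk(root) for f in files
    )

# Constructed sample listing, as a user profile might look after an attack.
SAMPLE = [
    r"C:\Users\alice\Pictures\holiday.jpg.[contact@example.invalid].CreamPie",
    r"C:\Users\alice\Documents\budget.xlsx.[contact@example.invalid].CreamPie",
    r"C:\Users\alice\Documents\notes.txt",                                 # not touched
    r"C:\Users\alice\Documents\[draft] plan.docx",                         # brackets, not locked
    r"C:\Users\alice\Desktop\readme.[CONTACT@example.invalid].creampie",   # case differs
]

if __name__ == "__main__":
    report = summarize_locked_names(SAMPLE)
    print(f"{len(report['affected'])} locked file(s); contacts: {report['emails']}")
    for ext, n in sorted(report["by_extension"].items()):
        print(f"  {ext}: {n}")
```

Run `inventory_locked_files(r"C:\Users")` on a live system to build the same report from disk; the counts per original extension show at a glance which kinds of media need restoring.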

Malware researchers find few unusual features in the CreamPie Ransomware, which nonetheless seems likely to receive further development after this article's publication. One of several markers of its partially-built status is its creation of a visible, CMD-based UI window that lists the files it locks while the attack runs. Since it's counterproductive for file-locker Trojans to warn the user while the media-encrypting is happening, any new releases of the CreamPie Ransomware will most likely drop this 'test' feature or replace it with a misleading pop-up.

Avoiding the Wrong Flavor of Pie

No version of the CreamPie Ransomware to date provides file information that might hint at its possible disguises for infiltrating a PC, such as stolen certificates or fake company publication credentials. However, the CreamPie Ransomware is a 32-bit Windows program and, like most file-locker Trojans for that OS, requires at least an Intel 386 processor for compatibility. The Trojan also is compact, at less than two hundred kilobytes.

The CreamPie Ransomware initially communicates with a Russian-based Web server, although malware experts have yet to tie this feature to further attacks of note, such as backdoor functions or the uploading of stolen information. No public decryption solution for the CreamPie Ransomware exists, so backing up files regularly to non-local drives is the only reliable means of preserving digital media against this threat. Alternatively, many, if not all, anti-malware products detect and delete the CreamPie Ransomware accurately and should protect your computer accordingly.

The CreamPie Ransomware lacks any extraordinary features that would make it more of a problem for either threat analysts or the average PC owner than any other file-locking Trojan already is. Nevertheless, any file-locking Trojan is worth keeping away from your hard drive, unless you don't care about the data that you save to it.
