
Creeper Ransomware

Posted: March 1, 2018

The Creeper Ransomware is a file-locker Trojan that encrypts various types of media files and changes their filenames. Its threat actor is deploying the Trojan to collect ransoms, the demands for which it relays through an accompanying text message. Because a working decryptor may never become available, users should keep secure, updated backups to protect their files and have anti-malware programs ready for uninstalling the Creeper Ransomware.

The Ancient History of Software Creeping Back on the Scene

One of the first computer worms of historical significance is the Creeper, a non-threatening program whose payload consists of little more than self-replication and a message announcing itself. However, threat actors are always happy to borrow the names of well-known phenomena, and a file-locking campaign is deploying itself under the same name over forty years later. The Creeper Ransomware is one of the few Trojans of 2018 that extorts the Monero cryptocurrency instead of Bitcoins, with the most recent previous example being the MoneroPay Ransomware.

The Creeper Ransomware isn't a relative of the MoneroPay Ransomware and uses an AES (Rijndael-derived) encryption routine for locking different files. Traditional formats vulnerable to such attacks include Word or PDF documents, spreadsheets, compressed archives, music and slideshows. The components of your operating system usually are unaffected by this data-locking behavior. The Trojan also may upload its decryption key to a Command & Control server for sale. The Creeper Ransomware also overwrites any extension on each file with the '.creeper' string, which, malware experts note, diverges slightly from the usual practice of appending a second extension after the original one.
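The extension-overwriting behavior described above matters for incident response: when a family appends its marker (report.docx.locked), the original extension survives in the name and can guide triage and restoration, but when the marker replaces the extension (report.creeper) that information is gone. The following Python script is an added example, not code from the page or from any analysis of the sample; it walks a directory tree, flags files carrying the '.creeper' marker, and reports whether the original extension is still recoverable from the name. The list of known extensions and the sample filenames are constructed for the demonstration.

```python
import os
import tempfile

# Marker reported on the page for this family
CREEPER_MARKER = ".creeper"

# Assumption: a minimal set of document/media extensions for the demo.
# A real scanner would use a much larger list.
KNOWN_EXTENSIONS = {".doc", ".docx", ".pdf", ".xlsx", ".pptx", ".zip", ".mp3", ".jpg"}


def classify_marked_file(name, marker=CREEPER_MARKER):
    """Return (is_marked, original_extension_or_None) for one filename.

    Appended-style naming keeps the original extension inside the name
    ('photo.jpg.creeper' -> '.jpg'). Creeper's replace-style naming
    ('report.creeper') leaves nothing to recover, so None is returned.
    """
    if not name.lower().endswith(marker):
        return False, None
    stem = name[: -len(marker)]
    inner_ext = os.path.splitext(stem)[1].lower()
    if inner_ext in KNOWN_EXTENSIONS:
        return True, inner_ext
    return True, None


def scan_tree(root, marker=CREEPER_MARKER):
    """Walk a directory tree and collect (path, recoverable_ext) for marked files."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fname in sorted(files):
            marked, orig_ext = classify_marked_file(fname, marker)
            if marked:
                hits.append((os.path.join(dirpath, fname), orig_ext))
    return hits


def summarize(hits):
    """Count marked files and how many lost their original extension."""
    lost = sum(1 for _, ext in hits if ext is None)
    return {"marked": len(hits), "extension_lost": lost,
            "extension_recoverable": len(hits) - lost}


def build_sample_tree():
    """Create a constructed directory of sample names (not real victim data)."""
    root = tempfile.mkdtemp(prefix="creeper_demo_")
    os.makedirs(os.path.join(root, "docs"))
    for rel in ["docs/report.creeper",      # replace-style: original ext lost
                "docs/photo.jpg.creeper",   # append-style: '.jpg' recoverable
                "archive.zip.creeper",      # append-style: '.zip' recoverable
                "notes.txt"]:               # untouched file
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for path, ext in scan_tree(sample_root):
        print(f"{path}: original extension {ext or 'unknown (overwritten)'}")
    print(summarize(scan_tree(sample_root)))
```

Running the script against a suspect share gives responders a quick count of affected files and shows how many can be mapped back to a document type by name alone; for replace-style families like this one, content-based file-type identification has to fill that gap.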

The Creeper Ransomware also places an English-language ransom message on the computer. Due to typos in its contents, malware analysts estimate that the note is a copy of an unrelated campaign, rather than an original work from an English-fluent threat actor. It gives the victim up to six days to pay before the key's deletion and offers a schedule for escalating the price, in Monero cryptocurrency, over time.

Putting a Creep Back out of Business

Besides its brand name, the Creeper Ransomware has no relationship with the original Creeper worm and represents a significantly worse threat to the digital media of any PC that it compromises. Although malware experts' estimates of its infection techniques remain tentative, they can verify that the Creeper Ransomware is in live circulation, with a working payload that includes both data-blocking and ransom-extorting functions, as per its threat actor's intentions. Users may compromise their systems via file-sharing networks, unprotected Web-browsing activities or downloads of unsafe e-mail attachments.

With an approximate ransom of 800 USD in Monero coins, the Creeper Ransomware offers an expensive decryption solution that may not even be genuine. Users concerned for the security of their files should schedule backups and maintain separate storage devices, such as USB drives or cloud storage, which aren't as susceptible to file-encrypting attacks. Different anti-malware programs also may delete the Creeper Ransomware and interrupt its attempt at harming your media.

No matter what you use your computer for, an ounce of foresight in protecting it can prevent hundreds of dollars in damages. Preventing the misuse of the historical name 'Creeper' by the Black Hat industry is the responsibility of every computer owner.
