Cry128 Ransomware
Posted: May 5, 2017
| Field | Value |
|---|---|
| Threat Level | 8/10 |
| Infected PCs | 1,543 |
| First Seen | May 5, 2017 |
| Last Seen | June 27, 2023 |
| OS(es) Affected | Windows |
The Cry128 Ransomware is part of the Crypton Ransomware family of file-encrypting Trojans. After the encryption routine locks your data, the Cry128 Ransomware creates messages redirecting you to its ransom-paying site for unlocking purposes. Malware experts recommend using any other recovery method, if possible, along with standard security practices and software for removing the Cry128 Ransomware.
Hibernating Trojans Spring Back to Life
Although large families of RaaS-based threats like the Cerber Ransomware, and even some versions of Hidden Tear, are responsible for the bulk of file-encrypting attacks this year, smaller groups of Trojans are also finding profit and success. Exemplifying this fact is the Crypton Ransomware (sometimes referred to as CryptON) and its new variant, the Cry128 Ransomware, which demonstrates some new behavioral changes in the program. However, the core of the Trojan's payload is still to hold your files hostage for payment via a data-encoding attack.
Threat actors launch the Cry128 Ransomware manually on compromised systems that they gain control of after brute-forcing their password security. Despite its origins linking closely with Russia, the Cry128 Ransomware's ransom notes primarily target English speakers. The Cry128 Ransomware delivers these messages after it locks the victim's local files, such as documents.
The Cry128 Ransomware encrypts almost all media on the infected PC by using an AES-128-block algorithm with 1024-bit keys. Malware experts can confirm multiple extensions, all with similar formats, being appended, which could be symptomatic of different versions of this Trojan. All of them include personalized ID numbers, an address to the threat actor's TOR ransoming site, and a small, additional tag, such as an underscore. There's no way to open the locked media until they're decrypted again, although free solutions are available (see below).
Responding When Your Files Start Crying
The Cry128 Ransomware is particularly threatening because it does not select your files according to their formats. Instead, it encrypts everything that isn't in one of three directories, all of which are essential to the Windows OS. Due to variances between builds of the Cry128 Ransomware, your locked files may grow by a larger or smaller amount, varying between 16 and 132 additional bytes. Thanks to further research by Emsisoft, some variants of the Cry128 Ransomware are subject to free decryption tools, although malware experts warn that this solution isn't universally applicable to all versions of the Trojan.
Although the SOP of threat actors with Trojans like the Cry128 Ransomware is asking for ransoms through their websites and text messages, paying carries with it no certainty of any decryption service. You can best protect your files by keeping copies of them on peripheral devices or cloud servers that the Cry128 Ransomware can't delete. Having professional password security standards and anti-malware products for removing the Cry128 Ransomware immediately may also prevent infections from taking place.
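The appended extension and the 16 to 132 byte size growth described above let a responder scope the damage from file listings alone. The following Python is an added example, not code from the original page or from Emsisoft; it assumes a pre-incident listing (for instance a backup manifest) is available and that the appended extension starts with a dot, and it uses constructed paths and a placeholder suffix.

```python
from bisect import bisect_left
from collections import defaultdict

# Size growth range the page reports across Cry128 builds, in bytes.
MIN_GROWTH, MAX_GROWTH = 16, 132

def triage(baseline, current):
    """baseline/current map file path -> size in bytes (before / after).

    Returns (suspects, by_growth): suspects is a list of
    (original_path, current_path, growth); by_growth groups original paths
    by growth so files hit by different builds can be separated.
    """
    names = sorted(current)
    suspects, by_growth = [], defaultdict(list)
    for orig in sorted(baseline):
        if orig in current:
            continue  # original name still present, so it was not renamed
        prefix = orig + "."  # assumption: the appended extension starts with "."
        i = bisect_left(names, prefix)
        while i < len(names) and names[i].startswith(prefix):
            growth = current[names[i]] - baseline[orig]
            if MIN_GROWTH <= growth <= MAX_GROWTH:
                suspects.append((orig, names[i], growth))
                by_growth[growth].append(orig)
            i += 1
    return suspects, dict(by_growth)

# Constructed listings; the suffix is a placeholder, not a real Cry128 extension.
SUFFIX = ".CONSTRUCTED_SUFFIX"
BASELINE = {
    "C:/Users/a/report.docx": 20480,
    "C:/Users/a/photo.jpg": 100000,
    "C:/Users/a/notes.txt": 512,
    "C:/Users/a/data.csv": 4096,
}
CURRENT = {
    "C:/Users/a/report.docx" + SUFFIX: 20496,   # +16 bytes
    "C:/Users/a/photo.jpg" + SUFFIX: 100036,    # +36 bytes
    "C:/Users/a/notes.txt": 512,                # untouched
    "C:/Users/a/data.csv.bak": 4096,            # renamed, no growth: ignored
}

if __name__ == "__main__":
    for orig, locked, growth in triage(BASELINE, CURRENT)[0]:
        print(f"{growth:+4d} B  {orig} -> {locked}")
```

Files that share a growth value were most likely processed by the same build, which helps when checking whether a free decryptor applies to them.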
The Cry128 Ransomware's two hundred dollar fee in Bitcoins isn't the worst fate that could happen to users who don't protect their PCs or data. However, it still is an unnecessary expense that anyone could prevent with a few minutes of work.