
Cry36 Ransomware

Posted: June 8, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 71
First Seen: June 8, 2017
Last Seen: August 31, 2019
OS(es) Affected: Windows

The Cry36 Ransomware is a member of the CryptON or Crypton Ransomware family of file-encoding threats, which lock your files by encrypting them. Although the Cry36 Ransomware includes some minor technical changes to its payload, the symptoms for the victim remain consistent with past infections: being unable to open any locked files, edited filename extensions, and text-based ransom messages from the campaign's threat actor. Although malware experts always recommend blocking file-damaging threats preemptively, many anti-malware products also may remove the Cry36 Ransomware afterward.

All the Difference that a Few Bytes can Make

Size and danger level don't have a one-to-one correlation for many predators, including ones in the threatening-software sector. For instance, an infection by a member of a large family of Trojans, like Hidden Tear, is sometimes easier to resolve than one caused by a smaller family like the Crypton Ransomware. This disparity is often at its greatest when judging how harmful new file-encoding Trojans like the Cry36 Ransomware are to your computer's media.

The Cry36 Ransomware is a Trojan apparently created to evade the older decryption solutions that were effective at restoring content locked by previous Crypton Ransomware variants, like the Cry128 Ransomware. Like most members of the family, the Cry36 Ransomware takes its name from the size change its encryption attack makes: every file it locks grows by 36 bytes. The encryption attack may lock specific kinds of files (documents, pictures, et cetera), selecting them by strings in their names, extensions or locations.

The Cry36 Ransomware's attack shows no symptoms until the encryption routine completes, after which it places a text message in a highly visible location for the victim to read. Neither this file nor the filename changes that the Cry36 Ransomware makes provide any information beyond pointing towards one of several e-mail addresses for contacting the Trojan's threat actor, which appear to be dedicated ransom-negotiating channels. The Trojan also gives each infection a customized ID to facilitate the proposed decryption solution.
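The two symptoms described above (every locked file growing by exactly 36 bytes, and renamed files and a dropped text note pointing at a contact e-mail address) are enough to triage a file share after the fact. The script below is an added example written for this page, not the page's own or any vendor's tooling. It assumes two inventories of the same directory tree (path mapped to size in bytes), one captured before the incident and one afterwards; the sample inventories, the `.id-…[e-mail]` suffix format and the e-mail regex are constructed assumptions, since the page only states that renamed files reference an e-mail address and an infection ID, not the exact format.

```python
"""Triage a file inventory for Cry36-style encryption symptoms.

Added example, not code from the page or from any vendor. Assumes a
baseline inventory (path -> size) taken before the incident and a current
inventory of the same tree. The filename marker format used in the sample
data is an assumption; the page only says renamed files point at a contact
e-mail address and carry a per-infection ID.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Stated on the page: every locked file grows by exactly 36 bytes.
CRY36_GROWTH_BYTES = 36

# Assumption: the ransom-contact marker appended to filenames contains an
# e-mail address. The page does not give the exact marker layout.
EMAIL_IN_NAME = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


@dataclass
class Finding:
    path: str
    reasons: list[str] = field(default_factory=list)


def match_baseline(current_path: str, baseline: dict[str, int]) -> str | None:
    """Return the baseline path a current file descends from.

    Exact match first; otherwise the longest baseline path that is a prefix
    of the current path (assumption: a renamed file keeps its original name
    and only gains a suffix). A baseline name that happens to prefix an
    unrelated longer name would also match, so treat this as a hunt, not proof.
    """
    if current_path in baseline:
        return current_path
    candidates = [p for p in baseline if current_path.startswith(p)]
    return max(candidates, key=len) if candidates else None


def triage(baseline: dict[str, int], current: dict[str, int]) -> list[Finding]:
    """Flag files showing the page's symptoms: 36-byte growth, rename-in-place
    with an embedded e-mail, or a new text file that may be the ransom note."""
    findings: list[Finding] = []
    for path, size in sorted(current.items()):
        reasons: list[str] = []
        origin = match_baseline(path, baseline)
        if origin is not None and size - baseline[origin] == CRY36_GROWTH_BYTES:
            reasons.append(f"grew by exactly {CRY36_GROWTH_BYTES} bytes from {origin}")
        if origin is not None and origin != path:
            reasons.append("renamed in place")
        name = path.rsplit("/", 1)[-1]
        if EMAIL_IN_NAME.search(name):
            reasons.append("contact e-mail embedded in filename")
        if origin is None and name.lower().endswith(".txt"):
            reasons.append("new text file (possible ransom note)")
        if reasons:
            findings.append(Finding(path, reasons))
    return findings


def encrypted_paths(findings: list[Finding]) -> list[str]:
    """Paths whose size grew by the Cry36 signature amount."""
    return sorted(f.path for f in findings
                  if any(r.startswith("grew by exactly") for r in f.reasons))


# Constructed sample inventories (not real data): three documents locked and
# renamed, one executable untouched, one new note dropped next to the documents.
BASELINE = {
    "docs/budget.xlsx": 48_212,
    "docs/report.docx": 120_000,
    "pics/holiday.jpg": 2_300_000,
    "bin/setup.exe": 910_000,
}
CURRENT = {
    "docs/budget.xlsx.id-1A2B3C.[contact@example.invalid]": 48_248,
    "docs/report.docx.id-1A2B3C.[contact@example.invalid]": 120_036,
    "pics/holiday.jpg.id-1A2B3C.[contact@example.invalid]": 2_300_036,
    "bin/setup.exe": 910_000,
    "docs/HOW_TO_DECRYPT.txt": 640,
}

if __name__ == "__main__":
    for finding in triage(BASELINE, CURRENT):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```

Run against real inventories (for example, two `find -printf '%p %s\n'` listings of a share taken from backup and from the live system), the 36-byte check is the strongest signal because it comes from the family's own payload, while the filename and note checks depend on the assumed marker format and should be tuned to what the actual samples show.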

Keeping a 36-Byte Attack from Taking a Bite out of Your Money

Paying threat actors in Bitcoin or other ransom currencies sometimes helps a victim decode their files but, more often, lets the con artist take the payment and ignore any requests for help. While parts of the anti-malware industry are working to update definitions and solutions to account for the Cry36 Ransomware campaign, malware experts have yet to see any decryption solution compatible with it. PC owners who believe they have samples of the Cry36 Ransomware may want to quarantine them with appropriate security tools and submit them to interested researchers, who may be able to update current decryption apps.

For threats like the Cry36 Ransomware, where decryption is costly or impossible, backups are the leading protection you can give your files. Malware analysts also encourage using strict security settings while browsing websites or accessing e-mail-distributed content, both of which are fertile grounds for propagating file-encrypting Trojans. Anti-malware protection, if present and updated, should delete the Cry36 Ransomware as soon as it tries to infect the PC.

Updating Trojan projects like the Cry36 Ransomware's family is a never-ending race between ill-minded programmers and security sector workers. For most readers, however, doing their part isn't any harder than making periodic backups and avoiding clicking on the wrong file.
