
CryCipher Ransomware

Posted: February 8, 2019

The CryCipher Ransomware is a file-locker Trojan that can block your media with encryption, add a new extension to their names, and create Notepad ransom messages. Its campaign leverages installers that pose as hacking tools for Paypal, which the threat actors could distribute via malvertising rings, torrents or download-themed websites. Let your anti-malware products block and remove the CryCipher Ransomware proactively, and use backups whenever possible for recovering your content.

Trojans Leaving Paypal Crooks Crying

Would-be hackers of the Paypal service, hoping to generate 'free' money with third-party tools, could get a surprise from one of the newest file-locker Trojans. The CryCipher Ransomware uses just such a disguise to compromise Windows PCs and block their files, in the hope of forcing the owners into paying a ransom. The result is that the victims hasten their own losses instead of finding the riches they were after.

The CryCipher Ransomware is a PowerShell-based program that uses the AES encryption algorithm to lock the documents, pictures, and other media of any PC it infects. This means of attack is similar to what malware experts see throughout many versions of Hidden Tear and much of the Ransomware-as-a-Service industry, thanks to its efficiency and ease of implementation. However, they have yet to confirm that the CryCipher Ransomware secures that AES key, for instance by protecting it with a semi-randomly generated RSA key, which raises the chances that a free decryption service could unlock the files.

Like most file-locking Trojans, the CryCipher Ransomware adds a customized extension ('.locked') to the names of the hostage media, although this symptom is extremely generic. Users may find the ransom note more helpful for identifying the threat: it consists of a short sentence providing the criminal's Proton-based e-mail address and an ID for negotiating. The CryCipher Ransomware's ransom transaction history, unfortunately, is not trackable at this time.
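The symptoms just described (an appended '.locked' extension, AES-encrypted file bodies, and a short Notepad note naming a Proton e-mail address and a victim ID) are enough for a defender to write a quick triage scan. The script below is an added example written for this page; it is not the CryCipher Ransomware's own code, nor any vendor's detection signature. The Proton Mail domains in the regex, the ID pattern, the entropy threshold, and every file name, address and ID in the sample tree are assumptions or constructed placeholders, since the page gives none of them. Encrypted content is recognised by byte entropy: AES ciphertext is indistinguishable from random bytes, so a '.locked' file whose entropy sits near 8 bits per byte corroborates the extension rather than relying on it alone.

```python
"""Triage scan for the file-locker symptoms described above.

Added example, not the Trojan's code and not a vendor signature. The Proton
domains, the ID pattern and the entropy threshold are assumptions; the sample
tree built by build_sample_tree() uses constructed placeholder values only.
"""
import math
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".locked"  # extension the page reports being appended to hostage files
# Assumption: "Proton-based" e-mail covers these Proton Mail domains.
PROTON_MAIL_RE = re.compile(r"[\w.+-]+@(?:protonmail\.com|proton\.me|pm\.me)", re.I)
# Assumption: the note labels the victim identifier with the word "ID".
ID_RE = re.compile(r"\bID\s*[:=]?\s*([A-Za-z0-9-]{6,})", re.I)
ENTROPY_THRESHOLD = 7.0  # bits per byte; AES ciphertext sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path, sample_size: int = 4096) -> bool:
    """Read the first sample_size bytes and judge them by entropy."""
    with path.open("rb") as fh:
        return shannon_entropy(fh.read(sample_size)) >= ENTROPY_THRESHOLD


def parse_ransom_note(text: str):
    """Return (email, victim_id) if the text reads like the described note, else None."""
    email = PROTON_MAIL_RE.search(text)
    victim_id = ID_RE.search(text)
    if email and victim_id:
        return email.group(0), victim_id.group(1)
    return None


def scan_tree(root: Path) -> dict:
    """Walk root and collect locked files, entropy-confirmed ones, and ransom notes."""
    result = {"locked_files": [], "high_entropy_locked": [], "ransom_notes": []}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.name.endswith(LOCKED_EXT):
            result["locked_files"].append(str(path))
            if looks_encrypted(path):
                result["high_entropy_locked"].append(str(path))
        elif path.suffix.lower() == ".txt":
            try:
                parsed = parse_ransom_note(path.read_text(errors="replace"))
            except OSError:
                continue
            if parsed:
                result["ransom_notes"].append(
                    {"path": str(path), "email": parsed[0], "id": parsed[1]})
    return result


def build_sample_tree(root: Path) -> None:
    """Constructed sample: random bytes stand in for ciphertext, one untouched
    document, and a note with placeholder contact address and ID."""
    (root / ("photo.jpg" + LOCKED_EXT)).write_bytes(os.urandom(4096))
    (root / "notes.txt").write_text("quarterly figures, nothing encrypted here\n")
    (root / "READ_ME.txt").write_text(
        "Your files are encrypted. Write to placeholder-contact@protonmail.com "
        "and quote your ID: VICTIM-ID-PLACEHOLDER\n")


def demo_scan() -> dict:
    """Build the constructed sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    import json
    print(json.dumps(demo_scan(), indent=2))
```

Run it as-is to see the constructed sample flagged; point `scan_tree()` at a real user profile to triage a suspected infection. A hit on the note pattern alone is a stronger identifier than the '.locked' extension, which many unrelated file-lockers also use, so treat the extension list as a candidate set and the note plus entropy as the confirmation.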

An Easy Avoidance of Enciphering Issues

While researchers could confirm samples of the CryCipher Ransomware in early January, it wasn't until the following month that malware researchers saw any cases of the CryCipher Ransomware using addresses that imply live distribution and real attacks against PC users. Besides its Windows and PowerShell dependencies, the CryCipher Ransomware has another limitation: it does not bypass the UAC. This causes a consent prompt to appear during the Trojan's installation, which gives victims a chance to evade the infection.

Beyond that advantage, the CryCipher Ransomware's current infection strategies should only affect users who seek out illicit software in the first place. 'Black Hat' forums and other parts of the dark Web, along with torrenting networks, double as places of illicit business and as sources of misinformation and attack. So far, one out of every two anti-malware products removes the CryCipher Ransomware appropriately as a threat, and users who scan their downloads before opening them should be at much-reduced risk.

While the cyber-security industry may provide new solutions to the CryCipher Ransomware's encryption, such attacks are self-induced problems in the first place. Seeking out illicit programs often strikes 'gold,' but not the software that the seeker was hoping to find.
