
Crypt888 Ransomware

Posted: December 1, 2017

Threat Metric

Ranking: 6,645
Threat Level: 5/10
Infected PCs: 1,956
First Seen: March 27, 2022
Last Seen: October 5, 2023
OS(es) Affected: Windows

The Crypt888 Ransomware is a variant of the Mircop Ransomware, a Trojan that locks the files of its victims, extorts ransoms from them, and collects sensitive information, such as login combinations. During an infection, victims may notice symptoms related to its encryption and extortion activities, such as changes to their wallpapers or to the names of files that stop opening. Always remove the Crypt888 Ransomware with an anti-malware program and take appropriate precautions for re-securing any confidential information that the Trojan might upload to a threat actor.

Bad Cops Coming Back for More

The Mircop Ransomware, a dual threat that combines spyware with a file-blocking Trojan, has a new version, although this update may not include its recent ancestor's original accusations of law-breaking behavior against its victims. The younger build, the Crypt888 Ransomware, still focuses on using non-consensual encryption to lock digital media while selling the decryption tool. However, like the Mircop Ransomware, the Crypt888 Ransomware is also capable of launching other attacks that lack comparable symptoms to alert the victims.

Malware experts have little direct evidence of the Crypt888 Ransomware's circulation patterns, but a minority of samples of this threat do include simple, compression-based obfuscation techniques that could harm the accuracy of some AV solutions. If it does install itself undetected, the Crypt888 Ransomware is capable of resetting the user's desktop background (currently, to a stock image of a beach), as well as launching the following attacks:

  • The Crypt888 Ransomware may search the PC's directories for media formats that include BMP or PNG pictures, DOC or PDF documents and MP3 audio clips. The Crypt888 Ransomware subjects every file fitting its list of formats to an encryption routine that blocks it from opening. Content that the Crypt888 Ransomware damages also displays a new prefix: the 'Lock.' string (for instance, 'brickwall.bmp' becomes 'Lock.brickwall.bmp').
  • Although it doesn't drop any messages currently, the Crypt888 Ransomware does have internal, unused support for generating ransom notes. This feature may load pop-up windows or create simple text instructions, either of which will demand payments for buying the threat actor's data-unlocking solution. In the Crypt888 Ransomware's ancestor, the Mircop Ransomware, these communications included fake legal alerts and specifications of Bitcoin, a cryptocurrency that both gives the cybercrooks anonymity and helps them avoid traditional refund policies.
  • Critically, as a variant of the Mircop Ransomware, the Crypt888 Ransomware also may include a spyware module that collects passwords and user login names from the PC's Web-browsing sessions. Unlike the rest of its identifying features, this component shows no symptoms while it's operating.
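The 'Lock.' renaming described in the list above gives responders a simple way to scope the damage before restoring from backup or running a decryptor. The following Python sketch is an added example, not part of the original article or of any vendor tool; the function names and the sample tree are constructed for illustration, and the extension set holds only the formats this page names.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

PREFIX = "Lock."  # marker string this page describes
# Only the formats the page names; its list may not be exhaustive (assumption).
NAMED_EXTS = {".bmp", ".png", ".doc", ".pdf", ".mp3"}

def find_locked(root):
    """Return one record per file under root whose name starts with 'Lock.'."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.startswith(PREFIX) or name == PREFIX:
                continue
            original = name[len(PREFIX):]
            ext = Path(original).suffix.lower()
            hits.append({
                "path": os.path.join(dirpath, name),
                "original_name": original,
                "ext": ext,
                # Prefix plus a format named on the page is a stronger match.
                "named_format": ext in NAMED_EXTS,
                # An un-prefixed sibling hints at a restored copy or an unrelated file.
                "original_present": os.path.exists(os.path.join(dirpath, original)),
            })
    return sorted(hits, key=lambda h: h["path"])

def summarize(hits):
    """Count strong matches per extension, for sizing the recovery job."""
    return Counter(h["ext"] for h in hits if h["named_format"])

def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    names = ["Lock.brickwall.bmp", "Lock.report.PDF", "report.PDF", "Lock.notes.txt", "song.mp3"]
    with tempfile.TemporaryDirectory() as root:
        docs = Path(root, "Documents")
        docs.mkdir()
        for n in names:
            (docs / n).write_bytes(b"constructed sample")
        hits = find_locked(root)
    return hits, summarize(hits)

if __name__ == "__main__":
    found, counts = demo()
    for h in found:
        print(h["path"], "->", h["original_name"], h["named_format"], h["original_present"])
    print(dict(counts))
```

Records with `named_format` set to False or `original_present` set to True deserve a manual look before they are counted as damaged files, since the prefix alone can match unrelated files.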

When to Acknowledge and When to Ignore a Cybercrook

The latest members of the Crypt888 Ransomware's family demand less expensive ransoms than the original Mircop Ransomware, which demanded an excessively steep sum of forty-eight Bitcoins. However, whether or not the Crypt888 Ransomware offers an affordable price for its decryption solution, victims should be prepared to search for alternatives to its payment plan, whenever appropriate. Along with always recommending that you back your files up safely for ease of recovery, malware experts also can suggest using currently-available decryption freeware from Avast Software for this family of threats.

Victims also should remain highly aware that the Trojan may monitor and upload any information associated with their Web browsers or online accounts without any symptoms or consent. This feature uses a separate component from the file-locking process and may occur independently. After disinfecting your PC, always act appropriately to regain control of any compromised accounts, such as by changing security questions, e-mail addresses or passwords. Anti-malware products are already deleting the Crypt888 Ransomware with relatively high rates of detection, and are preferable over manual removal, which may miss one of the Crypt888 Ransomware's components.

Data on how this Trojan might install itself is of limited availability, although both samples that malware experts have noted to date use misleading names on their installers. With the Crypt888 Ransomware's family ranging from Italy to Brazil, your location is less relevant to the safety of your PC than your choice of backup and security software.
