
'.cryptgh0st File Extension' Ransomware

Posted: June 1, 2018

The '.cryptgh0st File Extension' Ransomware is a file-locker Trojan that uses encryption to prevent documents, pictures, and similar media formats from opening. These attacks coincide with the Trojan's dropping ransom notes in HTML format that ask for money. Instead of paying the ransom, recover from a backup when one is available, and use anti-malware products to prevent infections or to remove the '.cryptgh0st File Extension' Ransomware safely after the fact.

The Ghost with a Familiar Face

Partial samples of a new file-locking Trojan's components and its accompanying campaign show that new threat actors are interested in blocking users' access to their files for profit. While malware experts estimate that the Trojan, the '.cryptgh0st File Extension' Ransomware, is a variant of April's MauriGo Ransomware, many details remain speculative. How the '.cryptgh0st File Extension' Ransomware installs itself and which users it targets are questions requiring further investigation.

The '.cryptgh0st File Extension' Ransomware uses encryption-based attacks to convert any files fitting its format and folder whitelist into non-opening versions, with AES-256 in CTR mode being the current estimate for its enciphering mechanism. Every file that it locks, besides acquiring the '.cryptgh0st' extension on top of its previous one, also has its name encoded with Base64, which may keep the victim from identifying the individual documents, pictures, and other affected media.
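A victim or responder triaging a directory listing can reverse the Base64 renaming to learn which documents were hit, even though the contents stay encrypted. The following is an added example, not code from the original article or from any analysis of the Trojan; it assumes a locked name has the layout `<base64(original stem)>.<original extension>.cryptgh0st`, which the article does not confirm, and the sample listing is constructed.

```python
import base64
import binascii
import re
from typing import Optional

# Marker the article describes as appended to every locked file.
LOCKED_EXT = ".cryptgh0st"

# Assumed layout (not confirmed by the article):
#   <base64(original stem)>.<original extension>.cryptgh0st
_LOCKED_RE = re.compile(
    r"^(?P<b64>[A-Za-z0-9+/]+={0,2})\.(?P<ext>[A-Za-z0-9]{1,8})"
    + re.escape(LOCKED_EXT) + r"$"
)

def decode_locked_name(filename: str) -> Optional[str]:
    """Return the probable original file name, or None if the name does not fit the pattern."""
    m = _LOCKED_RE.match(filename)
    if not m:
        return None
    b64 = m.group("b64")
    if len(b64) % 4:          # Base64 output is always padded to a multiple of 4
        return None
    try:
        stem = base64.b64decode(b64, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if not stem or not stem.isprintable():
        return None
    return f"{stem}.{m.group('ext')}"

def triage_listing(filenames):
    """Map each locked name to its recovered original and report the locked share of the listing."""
    recovered = {}
    for name in filenames:
        original = decode_locked_name(name)
        if original is not None:
            recovered[name] = original
    ratio = len(recovered) / len(filenames) if filenames else 0.0
    return recovered, ratio

# Constructed sample listing; not taken from a real infection.
SAMPLE_LISTING = [
    base64.b64encode(b"budget_2018").decode() + ".xlsx" + LOCKED_EXT,
    base64.b64encode(b"holiday").decode() + ".jpg" + LOCKED_EXT,
    "README.html",
    "notes.txt",
]

if __name__ == "__main__":
    mapping, ratio = triage_listing(SAMPLE_LISTING)
    for locked, original in mapping.items():
        print(f"{locked} -> {original}")
    print(f"locked share of listing: {ratio:.0%}")
```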

The '.cryptgh0st File Extension' Ransomware's telltale symptom is the HTML ransom message it generates, which malware experts point out is identical to some versions of the MauriGo Ransomware's. That earlier threat uses code that is available on the Web for free, although its encryption is secure against all traditional, third-party decryption attempts. The 0.03 Bitcoin ransom (just over two hundred USD) is the threat actor's price for the custom decryptor, although users should consider the high risk of ransom transactions before paying.

Setting Trojan Spirits Back in Their Crypts

If the '.cryptgh0st File Extension' Ransomware is truly a variant of the MauriGo Ransomware, it also may include the cryptocurrency-mining component, which hijacks the system's resources and hardware to generate Bitcoins. Regardless of the value of any files that the Trojan might encrypt, unsafe miner configurations can cause hardware burnout and significant performance problems. Victims should respond to any suspected infection as soon as possible and monitor all processes for unusual spikes in resource usage.

Without any freely available decryptors, users can only guarantee the recovery of their files by backing them up first. Locally saved backups are at risk of secure deletion by most file-locking Trojans, and malware experts encourage using cloud or detachable storage whenever it's appropriate. Anti-malware software should have no issues deleting the '.cryptgh0st File Extension' Ransomware on sight.

Freeware Trojans are less challenging to analyze than 'closed source' threats, but this convenience for the anti-malware research community does nothing for victims of a file-locking attack. Anyone tempted to neglect their backups should keep in mind how easily an encryption payload like the '.cryptgh0st File Extension' Ransomware's locks files beyond recovery.
