
Cryptme Ransomware

Posted: October 12, 2020

The Cryptme Ransomware is a file-locking Trojan without a connected family or Ransomware-as-a-Service. This threat's campaign targets employees in the educational sector, with document-based lures crafted for resembling homework assignments. Users should always have backups of their work and personal media for recovery from these attacks, and traditional security programs should block or remove the Cryptme Ransomware.

Educational Technology Transitions Become Helping Hands for Trojans

Telecommuting classwork's rise is one of the many side effects of the Coronavirus epidemic. Like most events related to that disease, it's exploitable by bad actors. A threat actor referring to himself as 'employer21' plays admin to a fairly-novel variation on the typical file-blocking Trojan campaign, with custom-coded Trojans and custom-crafted lures. The victims, even more interestingly, are teachers.

Attacks start with e-mail messages with customized contents claiming that a parent is submitting their child's homework over e-mail due to failures in the 'usual' uploading process. The attachment is a ZIP-archived corrupted document (archive compression is a usual means of hiding a file's corrupted contents from security solutions) that uses Remote Template Injection for loading another file with a macro. If the user enables it, this macro downloads the Trojan inside a second executable wrapper for more concealment.

The Cryptme Ransomware is written in Go, a programming language that malware experts rate as popular with file-locking Trojans. The independently-programmed software uses an encryption routine for blocking the user's media files, adds 'encrypted' extensions into their names, and creates a pop-up alert and a text ransom note. All of this is for harvesting eighty USD in Bitcoins. So far, there are no payments in employer21's wallet.

Modest Trojans Starting Their Classwork Off on a Strong Foot

The Cryptme Ransomware's meager features aren't different from those of other file-locking Trojans throughout the landscape, such as the vast Ransomware-as-a-Services like the Dharma Ransomware. Still, its limited functionality undersells the threat actor's apparent technical expertise. Its campaign uses novel means of exploiting free hosting services for delivering the payload, including alerting the threat actor to successful installations through either e-mail or SMS.

There isn't a free decryption solution for the recently-identified Cryptme Ransomware, and encryption routines tend to be secure without much time or effort expended by the Black Hat programmers. Although all Windows users should have backups for recovering their media from threats like this one, this precaution is especially relevant to users with large quantities of valuable documents or other data related to their workplace environments. Malware experts also remind readers that e-mail attachments, especially archive-enclosed ones and documents with macros, should be treated with suspicion as security risks.

Users who don't enable the macros in these lures are safe from the current version of the Cryptme Ransomware's e-mail attacks. Anti-malware tools are also excellent means of blocking it or safely removing the Cryptme Ransomware from an infected computer.

The care in the Cryptme Ransomware's craftsmanship might not be apparent to the teachers finding themselves with a stereotypical case of encryption-locked files on their computers. However, the Cryptme Ransomware and employer21 are far from bare-minimum effort players, even in a field full of similar Trojans and threat actors.
