CryptoCat Ransomware
Posted: September 16, 2016
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 5/10 |
---|---|
Infected PCs: | 69 |
First Seen: | September 16, 2016 |
---|---|
OS(es) Affected: | Windows |
The CryptoCat Ransomware is a Trojan that encrypts your files and creates a message demanding a ransom for decrypting them back to a usable format. Con artists often fail to honor these transactions or provide decryptors that malfunction and malware experts recommend using different solutions for restoring your information, if possible. Besides guarding against common infection vectors, you can use standard anti-malware protection to block the CryptoCat Ransomware's payload or remove this threat from your computer.
The New Threat Pouncing on Your Files
Con artists interested in profiting quickly often find creative ways of taking advantage of the value inherent in possessions that don't belong to them. In previous years, the threat industry often implemented this line of attack in the form of denying access to your computer, such as by the simple expedient of launching pop-ups that block your desktop. Recent versions of 'ransomware' style Trojans are more likely to target your data directly, as malware experts see with threats like the CryptoCat Ransomware.
The CryptoCat Ransomware (not related to the now-defunct the CryptoCat browser extension, which facilitates privacy-protected chats) scans for files on your local drives fitting into formats included in its whitelist. Although con artists may reconfigure the CryptoCat Ransomware for targeting different types of data, some of the usual cases malware experts can point out include Word documents, compressed archives, Excel spreadsheets, and most widely-used forms of images and audio content. After finding these files, the Trojan encrypts them with an algorithm yet to be identified, blocking you from opening them.
The Trojan also creates new files for the victim: Notepad TXT messages using formats that readers may recognize from other, similar campaigns. The contents of the instructions demand a ransom payment within a week before the threat actors delete the key required for decrypting your data. Like most con artists, the CryptoCat Ransomware's authors prefer Bitcoin payments, which, in theory, guarantee their anonymity
What to Do When the Cat's out of the Bag (and in Your Files)
Most file encrypting Trojans display determinable symptoms after their attack functions complete their intended purposes, and malware experts find no exception to this rule in any samples of the CryptoCat Ransomware. PC owners may detect the CryptoCat Ransomware by looking for its ransom message ('Your files are locked !.txt'), by identifying encrypted and blocked content, and by looking for data bearing the '.the CryptoCat' extension.
Readers should note that although the CryptoCat Ransomware claims to use an RSA-2048 algorithm as part of its encryption routine, its self-description is part of a widely-reused text that's unlikely of being accurate to this Trojan's payload. You can contact appropriate members of the PC security sector for help with decrypting your content without paying the CryptoCat Ransomware's ransom. In other cases, restoring content from an unencrypted backup may be your sole restoration option.
Victims paying this con artist fee and victims availing themselves of free recovery solutions alike should use anti-malware software for deleting the CryptoCat Ransomware and halting any further encryption attacks. However, with threats like the CryptoCat Ransomware being as prone to fecundity as real cats, being wary of the most common security vulnerabilities enabling a Trojan's installation is equally important.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.