
CryptoLite Ransomware

Posted: July 13, 2018

The CryptoLite Ransomware is a file-locker Trojan that holds your media hostage with encryption until you pay its ransom, which it promotes through a pop-up. Because paying the ransom has a limited rate of success as a decryption method, most users should keep backups for restoring their documents and other files, or contact members of the PC security community for additional help. Victims should let their anti-malware products uninstall the CryptoLite Ransomware immediately to prevent any additional encryption, corruption or deletion of their files.

The Fraudster Who's Switching Up His Game

A threat actor with a history of Bitcoin cons has evidently taken a new interest in file-locker Trojans as an alternative source of illicit revenue. While this criminal's real identity is unknown, his hoaxes go back to 2016, and he is currently reusing the same Bitcoin wallets for the CryptoLite Ransomware campaign. The CryptoLite Ransomware uses interactive pop-ups, similar to the 'academic' PoisonFang Ransomware or the heavily-circulating Globe Ransomware family, to extort money after blocking the contents of the victim's PC.

The CryptoLite Ransomware uses the same '.encrypted' extension that malware researchers also find on other threats with encryption as a primary feature, such as the Hidden Tear's Genocheats Ransomware, or the HAHAHA Ransomware from the CryptoWire Ransomware family. Although it does encrypt and lock every file that it marks with this label, the specific algorithm it uses isn't yet identifiable and may be a variant of AES, XOR or RSA. The file-locking attack runs automatically, without requiring consent or showing the user any symptoms, and can damage documents, pictures and other media formats.
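Because the '.encrypted' label is the visible marker and backups are the recommended recovery path, a restore plan can start from an inventory of labelled files matched against a backup. The following is an added example, not code from the original article or from any vendor; it assumes the label is appended to the original file name, and the sample tree and function names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

SUFFIX = ".encrypted"  # extension named in the article; other families use it too


def plan_restore(live_root, backup_root):
    """Sort locked files under live_root by what the backup can do for them.

    Assumption: the suffix is appended to the original name
    ('a.docx' -> 'a.docx.encrypted'); the article does not say.
    Returns three sorted lists of locked-file paths relative to live_root:
      restorable - the clean original exists in the backup
      tainted    - the backup only holds the locked copy (synced after the attack)
      missing    - the backup has neither
    """
    live_root, backup_root = Path(live_root), Path(backup_root)
    plan = {"restorable": [], "tainted": [], "missing": []}
    for dirpath, _dirs, files in os.walk(live_root):
        for name in files:
            if len(name) <= len(SUFFIX) or not name.lower().endswith(SUFFIX):
                continue
            rel = (Path(dirpath) / name).relative_to(live_root)
            original = rel.with_name(name[: -len(SUFFIX)])
            if (backup_root / original).is_file():
                plan["restorable"].append(rel.as_posix())
            elif (backup_root / rel).is_file():
                plan["tainted"].append(rel.as_posix())
            else:
                plan["missing"].append(rel.as_posix())
    return {status: sorted(paths) for status, paths in plan.items()}


def build_sample(root):
    """Constructed sample tree; no real malware output is involved."""
    live, backup = Path(root) / "live", Path(root) / "backup"
    for path in (live / "docs/report.docx.encrypted", live / "docs/notes.txt",
                 live / "pics/cat.jpg.ENCRYPTED", live / "pics/dog.png.encrypted",
                 backup / "docs/report.docx", backup / "pics/cat.jpg.ENCRYPTED"):
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample bytes")
    return live, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for status, paths in plan_restore(*build_sample(tmp)).items():
            print(status, paths)
```

A non-empty 'tainted' list means a sync job copied locked files into the backup, so older backup snapshots should be checked before anything is overwritten.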

The CryptoLite Ransomware loads its HTA pop-up after the file attack and uses it for most of the details of ransoming the decryption solution. Instead of withholding the decryptor, the CryptoLite Ransomware sells the key and includes the decryption feature as a part of its standard installation. Besides a costly Bitcoin ransom (0.5, or over three thousand USD), the CryptoLite Ransomware is also unusually 'loud' about its campaign, since it specifies a wallet that its author has already used in previous fraud scenarios involving a 'double your Bitcoins' tactic. This tactic is promoted on Bitcoin-specific Web forums, and all owners of that cryptocurrency should familiarize themselves with the warning signs of fake offers of 'free' profit.

A Light at the End of the Tunnel for the CryptoLite Ransomware Victims

The limited legal recourse available to victims who lose their Bitcoins to fraudulent behavior makes it unwise to accept offers of supposedly doubling your money or to pay a ransom for a decryption service. Malware experts also provide another motivation for ignoring the ransom: a warning that this Trojan's decryption code or key is hard-coded and, therefore, static. Entering the password of 'GuBlZEpxPFqDAtjNh7c6mKs4Iy9Mrfw2UYvn3ei5HTgaO1dCbz8QXLJk0RVoW' into the decryptor's input field should unlock any files locked by the current version of the CryptoLite Ransomware.

Since e-mail is a high-traffic infection vector for file-locker Trojans, users receiving unexpected e-mail attachments should analyze them with a trustworthy anti-malware product before opening documents or other files that could compromise their PCs. The CryptoLite Ransomware is only compatible with Windows computers, although most versions of the OS are at risk. Fewer than a dozen anti-malware brands are deleting the CryptoLite Ransomware accurately, for now, although updates are likely to improve competing products' detection rates over the coming weeks. Manual uninstall efforts should be delegated to appropriate PC security experts and performed only if no alternative is available.

A smart criminal knows not to stick with one con for too long, since public awareness damages his chances of making money. The CryptoLite Ransomware is just another threat actor's adaptation to the market, and PC owners should evolve as well by doing all that they can to keep their files safe.
