
CrystalCrypt Ransomware

Posted: June 1, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 81
First Seen: June 1, 2017
OS(es) Affected: Windows


The CrystalCrypt Ransomware is a Trojan that locks your files by encrypting them and then delivers a text message demanding Bitcoins for the decryption solution. PC users can try free data retrieval methods to recover from any damage this threat inflicts, or prevent its attacks by adhering to proper security protocols. Most anti-malware applications should delete the CrystalCrypt Ransomware after identifying it heuristically.

All the Fun of Having Your Files Taken Hostage

The final week of May remains a busy one for threat actors disseminating non-consensual encryption payloads, which hold the files of a PC hostage until the user meets arbitrary conditions. The CrystalCrypt Ransomware is one of the most recently confirmed of such threats, with no directly verifiable relatives, although some members of the PC security sector speculate about a relationship to last month's LightningCrypt Ransomware. Whether it's a minor variant or a wholly new Trojan, the CrystalCrypt Ransomware continues to demonstrate how easy it is to code non-consensual encryption attacks.

Some aspects of the CrystalCrypt Ransomware's behavior imply that its administrators are using Remote Desktop attacks to install the Trojan or related threats. Whether or not this is true for current infections, the CrystalCrypt Ransomware also initiates network connections for purposes such as downloading its configuration parameters or uploading a customized victim ID to a C&C server. Once these preliminary setup activities complete, the CrystalCrypt Ransomware proceeds with encrypting files in locations such as the user's Downloads and Documents folders.

The encryption attack makes all affected files unreadable, and users can identify it through the '.BLOCKED' extension that the CrystalCrypt Ransomware appends to every filename. The Trojan's payload also includes a Notepad-based ransom message, which malware experts note is deposited on the desktop and opened automatically. This text includes a warning that files will be deleted if victims try to 'do anything,' payment instructions, and a tongue-in-cheek recommendation to 'have fun.'
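The two artifacts above (the appended '.BLOCKED' extension and a text ransom note on the desktop) are what an incident responder has to work with when scoping an infection. The following is an added triage example, not code from the page or from the Trojan's authors: it walks a directory tree, lists every file carrying the '.BLOCKED' extension, tallies the original file types (recovered by stripping the appended extension), and flags small text files whose contents match the phrases the page attributes to the note. The note's filename is not given on the page, so matching on content is an assumption, as is the constructed sample profile the script builds for itself so it runs offline.

```python
"""Scope a CrystalCrypt-style infection: enumerate '.BLOCKED' files, recover
original names, and locate the ransom note. Added example, not the page's own
code; the sample directory it builds is constructed, not real infection data."""
import os
import tempfile
from collections import Counter

# Extension the page reports CrystalCrypt appending to every encrypted file.
ENCRYPTED_EXT = ".BLOCKED"
# Phrases the page attributes to the ransom note ("have fun", a Bitcoin demand).
# The note's filename is not given on the page, so content is matched instead
# (assumption: a real note contains both phrases).
NOTE_PHRASES = ("have fun", "bitcoin")


def original_name(encrypted_name):
    """Strip the appended extension to recover the pre-encryption filename."""
    if encrypted_name.upper().endswith(ENCRYPTED_EXT):
        return encrypted_name[: -len(ENCRYPTED_EXT)]
    return encrypted_name


def looks_like_ransom_note(path, max_bytes=4096):
    """True if the start of a text file contains every phrase in NOTE_PHRASES."""
    try:
        with open(path, "rb") as fh:
            text = fh.read(max_bytes).decode("utf-8", errors="ignore").lower()
    except OSError:
        return False
    return all(p in text for p in NOTE_PHRASES)


def scan_tree(root):
    """Walk `root` and summarize what the Trojan touched.

    Returns the encrypted file paths, a count of the original extensions
    (which data types were hit), and any .txt files that read like the note.
    """
    encrypted, notes = [], []
    by_orig_ext = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.upper().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                ext = os.path.splitext(original_name(name))[1].lower() or "(none)"
                by_orig_ext[ext] += 1
            elif name.lower().endswith(".txt") and looks_like_ransom_note(path):
                notes.append(path)
    return {
        "encrypted": sorted(encrypted),
        "by_original_ext": dict(by_orig_ext),
        "notes": sorted(notes),
    }


def build_sample_tree():
    """Create a constructed mock user profile (not real data) and return its path."""
    root = tempfile.mkdtemp(prefix="crystalcrypt_demo_")
    layout = {
        "Documents/report.docx.BLOCKED": b"\x00\x11\x22",
        "Documents/budget.xlsx.BLOCKED": b"\x00\x11\x22",
        "Downloads/photo.jpg.BLOCKED": b"\x00\x11\x22",
        "Downloads/setup.exe": b"MZ",                 # untouched binary
        "Desktop/README.txt": b"Your files are BLOCKED. Pay 0.17 Bitcoin. "
                              b"Do anything and they are deleted. Have fun!",
        "Desktop/notes.txt": b"grocery list",        # ordinary text file
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


def demo():
    """Scan the constructed tree and return the summary plus names to restore."""
    summary = scan_tree(build_sample_tree())
    summary["recoverable_names"] = sorted(
        original_name(os.path.basename(p)) for p in summary["encrypted"])
    return summary


if __name__ == "__main__":
    s = demo()
    print(f"{len(s['encrypted'])} encrypted files; original types: {s['by_original_ext']}")
    print("ransom notes:", s["notes"])
    print("names to restore from backup:", s["recoverable_names"])
```

Point `scan_tree` at a real profile directory to get the list of names to pull from backup; the extension tally is a quick way to tell whether the Trojan stayed within user data or reached further.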

Taking the Shine Off of a Crystal Trojan's Campaign

To those not familiar with cryptocurrency exchange rates, the fraction of a Bitcoin that the CrystalCrypt Ransomware demands may sound like a bargain for restoring your files. However, 0.17 Bitcoins converts to over 400 USD at current rates, and the victim can't get a refund if the threat actor chooses not to help with the decryption. Such expensive hazards are why malware analysts ordinarily encourage every other method of recovery first, such as using free decryption software or restoring from a backup that the CrystalCrypt Ransomware hasn't damaged.

Like many file-encrypting Trojans, the CrystalCrypt Ransomware may compromise network-accessible drives or delete local backups. You should password-protect your backups or, better, store them on devices not attached directly to a system with Web connectivity, since a password alone does not stop a Trojan running on the infected machine from deleting or encrypting a backup it can reach. Although this Trojan is newly identified, an updated anti-malware program may delete the CrystalCrypt Ransomware before its encryption routine can finish loading.

As a matter of habit, threat actors lie about the attacks their Trojans can commit while extorting money. However, non-consensual file deletion is a simple function that even low-level threats can accomplish, and PC users are advised not to assume that every Trojan like the CrystalCrypt Ransomware is bluffing.
