
CyberSCCP Cryptor Ransomware

Posted: June 20, 2018


The CyberSCCP Crypto Ransomware is a file-locking Trojan that uses encryption to hold your files hostage and stop them from opening. This threat also may include features for causing permanent data corruption or deletion that make your documents and other media irretrievable, regardless of the availability of a decryption tool. Have anti-malware products eliminate the CyberSCCP Crypto Ransomware upon its detection, and copy your files to other devices for safekeeping.

The New Turn of Warfare from the Middle East: Ransoming Files

Iranian threat actors are managing the development and apparent deployment of a new file-locker Trojan that runs off of AutoIT scripts in ways that are reminiscent of April's AutoTRON Ransomware. Its ransom messages are in English, which makes it compatible with a wide range of victims around the world, and its attacks include both the potential for locking files temporarily and for damaging them permanently. Malware experts can't connect the CyberSCCP Crypto Ransomware to any well-known family, like Hidden Tear, and are seeing different installers for it under a variety of semi-random names.

The executables for the CyberSCCP Crypto Ransomware are being distributed under various names consisting of arbitrary strings of numbers (such as '220316257.exe') and might circulate via other threats, such as Trojan downloaders or corrupted document macros. Interestingly, malware experts also are noting that part of the CyberSCCP Crypto Ransomware's install routine includes dropping a fake Microsoft Update LNK file, a behavior that is similar to the unrelated Scarab-Bomber Ransomware. After the installation, the CyberSCCP Crypto Ransomware launches a traditional data-locking attack that focuses on non-essential media, such as documents and pictures.

The CyberSCCP Crypto Ransomware may lock the files that it attacks with an algorithm, such as AES-256, but also may overwrite the file data permanently or delete content automatically. The CyberSCCP Crypto Ransomware prepends a '.Lock' string to the names of the affected media, instead of inserting a suffix at the end, as is the traditional behavior for file-locker Trojans. In visual terms, the CyberSCCP Crypto Ransomware's most significant symptom, besides keeping users from opening their files, is the forcible hijacking of the desktop's wallpaper, which it replaces with a ransom note and an image of a house with a hangman's tree superimposed on it. The message asks for 0.3 Bitcoins and provides an e-mail address for negotiating on the unlocking service.
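The two naming indicators described above (the '.Lock' string prepended to the names of locked media, and installers carrying an all-digit name such as '220316257.exe') are simple enough to hunt for on a suspect machine. The following triage script is an added example written for this page, not code from the original write-up or from any vendor tool: it walks a directory tree and groups matching file names by indicator. The sample tree it scans is constructed inline, and the assumption that any all-digit .exe name counts as a hit is broader than the single example the article gives.

```python
"""Added triage example (not from the original article): walk a directory tree
and report file names matching the naming indicators the write-up attributes
to the CyberSCCP Crypto Ransomware. The sample tree below is constructed."""
import os
import re
import tempfile
from typing import Dict, List, Optional

# Indicator 1: the Trojan prepends '.Lock' to the file name rather than
# appending an extension (e.g. '.Lockreport.docx').
LOCK_PREFIX = ".Lock"
# Indicator 2: installers distributed as executables named with an arbitrary
# run of digits (e.g. '220316257.exe'). Assumption: any all-digit .exe name.
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.IGNORECASE)


def classify_name(name: str) -> Optional[str]:
    """Return which indicator a single file name matches, or None."""
    # A bare '.Lock' with nothing after it is not a renamed media file.
    if name.startswith(LOCK_PREFIX) and len(name) > len(LOCK_PREFIX):
        return "lock_prefixed"
    if NUMERIC_EXE.match(name):
        return "numeric_exe"
    return None


def find_indicators(root: str) -> Dict[str, List[str]]:
    """Walk `root` and collect relative paths grouped by indicator class."""
    hits: Dict[str, List[str]] = {"lock_prefixed": [], "numeric_exe": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            cls = classify_name(name)
            if cls is not None:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits[cls].append(rel.replace(os.sep, "/"))
    for paths in hits.values():
        paths.sort()
    return hits


# Constructed sample tree: two media files with '.Lock' prepended, one
# untouched image, one numeric-named executable and one ordinary installer.
SAMPLE_FILES = [
    "Documents/.Lockreport.docx",
    "Pictures/.Lockholiday.jpg",
    "Pictures/unaffected.png",
    "Downloads/220316257.exe",
    "Downloads/setup.exe",
]


def build_sample_tree(root: str) -> None:
    """Write the constructed sample files under `root`."""
    for rel in SAMPLE_FILES:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample content\n")


def demo() -> Dict[str, List[str]]:
    """Build the sample tree in a temp dir, scan it and return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_indicators(tmp)


if __name__ == "__main__":
    # To scan a real profile instead, call find_indicators(r"C:\Users\name").
    for cls, paths in demo().items():
        print(f"{cls}: {paths}")
```

Because the match is on names only, the scan is cheap enough to run across a whole user profile; a hit in the "lock_prefixed" group is the stronger signal, since legitimate software has no reason to produce that prefix, while an all-digit executable name warrants a look at the file but is not conclusive on its own.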

Getting Your Files a Stay of Execution

While the file names in use imply that the CyberSCCP Crypto Ransomware's authors are distributing it with the help of additional threats, malware experts can't confirm whether the Trojan's campaign is employing spam e-mails, brute-force attacks or other, specific infection vectors. The resources associated with the CyberSCCP Crypto Ransomware's development also imply that the threat actors have some familiarity with HeroRAT, a Telegram-based rootkit that specializes in compromising Android devices. However, since that rootkit's source code is available for free, this fact does little to narrow down the identity of the developing team.

Users should always back up any files of value to another device, such as a password-protected server or a device that can be detached from a network-accessible PC. While the CyberSCCP Crypto Ransomware does use UPX-based 'packing' methods for stealth purposes, most anti-malware programs are finding and deleting the CyberSCCP Crypto Ransomware, as long as they're using their latest threat databases. Paying the ransom, if the user considers it at all, only should be attempted after trying every other recovery option that's available, including contacting any available cyber-security researchers for their decryption help.

The development of file-locking software and the profits to reap from it is a worldwide concern. New entries into this Black Hat industry, like the CyberSCCP Crypto Ransomware, show that there still are new possibilities for threat deployment and long-term data loss beyond those that Hidden Tear and the Globe Ransomware are pioneering.
