'mcrypt2018@yandex.com' Ransomware

Posted: November 5, 2018

The 'mcrypt2018@yandex.com' Ransomware is a file-locker Trojan that blocks the contents of your hard drive with DiskCryptor, an open-source encryption program. Instead of displaying pop-ups or text instructions, it issues its demands on a screen that appears after the Trojan hijacks the boot-up routine. Users should back up their work for efficient recovery from these attacks and, if relevant, have their PCs' security products block or delete the 'mcrypt2018@yandex.com' Ransomware immediately.

The Worst Screen You Can See on Your Computer

File-locker Trojans generally put more than a little effort into choosing which files they lock for ransoming. Most threats in this category attack pictures, text documents, and other data that can be encrypted quickly and efficiently while still maximizing their extortion collateral. When a Trojan goes out of its way to do the opposite, it's always noteworthy, as malware researchers see with the 'mcrypt2018@yandex.com' Ransomware, the newest abuser of DiskCryptor's features.

Relatives of the 'mcrypt2018@yandex.com' Ransomware include 2017's Bad Rabbit Ransomware, the HDDCryptor Ransomware, and the MBR-Oni Ransomware, although DiskCryptor being open-source means that the threat actors behind each campaign aren't necessarily the same individuals. Unlike typical file-locking Trojans, the 'mcrypt2018@yandex.com' Ransomware uses the freeware to block the entire hard drive's contents instead of filtering for specific formats, such as JPGs or DOCs.

Malware researchers are also verifying that the 'mcrypt2018@yandex.com' Ransomware uses an auto-rebooting feature, very much like a disk-wiper Trojan, that restarts the PC as soon as all of the data encryption completes. The following startup process doesn't load Windows; instead, it shows the 'mcrypt2018@yandex.com' Ransomware's 'ransom note,' which is a simple black screen with an e-mail, ID, hostname and a prompt for the key. The threat actor is ransoming the key for recovering the hard drive's contents for unknown sums, but prepaid vouchers and cryptocurrencies are the usual payment methods of preference.
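For responders triaging a raw disk image from an affected PC, the boot-routine hijack described above can be checked against a known-good baseline. The following is an added example, not code from this article or from DiskCryptor; the function names, the sample images, and the assumption that the note's contact address sits unencrypted in the first 63 sectors are all illustrative.

```python
import hashlib

SECTOR = 512
BOOT_CODE_LEN = 446                    # MBR boot code precedes the partition table
CONTACT = b"mcrypt2018@yandex.com"     # contact address named in this article

def boot_code_hash(image: bytes) -> str:
    """SHA-256 of the MBR boot code area (bytes 0..445)."""
    return hashlib.sha256(image[:BOOT_CODE_LEN]).hexdigest()

def triage_boot_area(image: bytes, baseline_hash: str, sectors: int = 63) -> list[str]:
    """Return findings for the first `sectors` sectors of a raw disk image."""
    if len(image) < SECTOR:
        return ["image shorter than one sector"]
    findings = []
    if image[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(image) != baseline_hash:
        findings.append("MBR boot code differs from baseline")
    area = image[:sectors * SECTOR]
    # Assumption: the note text is stored in plain ASCII or UTF-16LE.
    encodings = (("ascii", CONTACT), ("utf-16le", CONTACT.decode().encode("utf-16-le")))
    for label, needle in encodings:
        pos = area.find(needle)
        if pos != -1:
            findings.append(f"contact string ({label}) in sector {pos // SECTOR}")
    return findings

def make_image(boot_code: bytes, note: bytes = b"", note_sector: int = 5) -> bytes:
    """Build a constructed 63-sector test image (not a real sample)."""
    img = bytearray(63 * SECTOR)
    img[:len(boot_code)] = boot_code
    img[510:512] = b"\x55\xaa"
    off = note_sector * SECTOR
    img[off:off + len(note)] = note
    return bytes(img)

# Constructed images: a clean baseline and one with replaced boot code plus note text.
CLEAN = make_image(b"\xfa\x33\xc0" + b"\x90" * 100)
TAMPERED = make_image(b"\xeb\x3c\x90" + b"\xcc" * 100, b"Email: " + CONTACT)

if __name__ == "__main__":
    baseline = boot_code_hash(CLEAN)   # recorded while the machine was healthy
    for name, img in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, triage_boot_area(img, baseline) or "no findings")
```

The baseline hash has to be recorded before any incident, for example as part of the same routine that produces the backups.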

Finding the Light at the End of a Black Screen

Having a backup on another PC or storage device is a necessity for recovering from 'mcrypt2018@yandex.com' Ransomware infections, which threaten not just personal data but the entire contents of your drives. Other than some samples of the 'mcrypt2018@yandex.com' Ransomware's installer containing references to Chinese domain-seller websites, malware analysts are identifying few hints as to its distribution tactics or preferred victims. Brute-force attacks against vulnerable server logins, e-mail attachments, and fake downloads of popular gaming products are some of the possible infection vectors its campaign may start using.

Most cyber-security programs are detecting the latest releases of the 'mcrypt2018@yandex.com' Ransomware that malware researchers have available for analysis. Using strong password protection for all login credentials, scanning downloads before opening them, updating software in general, and disabling risky browser features such as scripts will fight against many infection strategies. In a worst-case scenario, your anti-malware programs may remove the 'mcrypt2018@yandex.com' Ransomware before it finishes its attacks.

Although the damage that the 'mcrypt2018@yandex.com' Ransomware inflicts on a Windows PC is extreme, the techniques it uses are available to all criminals with an interest in exploiting them. Prevention, rather than after-the-fact recovery, is a survival mindset for all PC users in this day and age.