Home Malware Programs Ransomware MCrypt2019 Ransomware

MCrypt2019 Ransomware

Posted: July 29, 2019

The MCrypt2019 Ransomware is a file-locking Trojan from the Xorist Ransomware family. Along with locking digital media like documents, the MCrypt2019 Ransomware can change your wallpaper, display ransom notes, and add unwanted extensions onto your files. Users can back their data up as a preferential substitute for paying the ransom for recovery and use anti-malware programs for deleting the MCrypt2019 Ransomware safely.

There's No Summer Vacation for RaaS Businesses

While the Xorist Ransomware is one of the quieter Ransomware-as-a-Service families, PC users believing that it's in hibernation are due for an unhappy wakeup call: the MCrypt2019 Ransomware. This variant of the file-locking Trojan's family is out in the wild and includes all the usual, ransom-demanding and data-sabotaging characteristics. While it's keeping files under lock and key, it also expresses a less-archetypal tic: labeling them so that they look like an executable.

Despite the XOR reference of the name, the MCrypt2019 Ransomware variant of the Xorist Ransomware uses TEA encryption. It has few fellow members sharing campaign space with it in 2019, although malware researchers also found much earlier samples of the 'restore_service99@scryptmail.com' Ransomware, the MBRCodes Ransomware, the Mcafee Ransomware, and the Vaca Ransomware. Like them, it blocks slightly over seventy formats of media, such as pictures and documents, with this encryption.

The MCrypt2019 Ransomware's chief difference is, as usual, the extension of choice it applies onto these files' names. The MCrypt2019 Ransomware uses the very unconventional choice of 'exe,' which makes every file that it blocks resemble a program's executable. Readers should note that malware experts find no evidence of this change being anything other than superficial and that all attempts at opening this content, still, will fail.

Stepping Away from a Six Hundred Dollar Ransom

The MCrypt2019 Ransomware uses both local Web pages and BMP pictures (which it places on the desktop, as a wallpaper) for delivering its ransom demands. Theoretically, victims can pay six hundred USD in Bitcoins for a decryptor that restores their files. However, there is a working, freeware decryptor for the Xorist Ransomware family. Therefore, it's unsurprising that malware experts see no payments into the MCrypt2019 Ransomware's Bitcoin wallet, so far.

Since decryption's availability is a sometimes-unstable variable, PC users with irreplaceable files shouldn't depend on it too strongly. Backing up work to removable devices or cloud servers will offer additional, convenient recovery options for media of the formats that are most likely of being under attack. These file formats include Word and PDF documents, Excel spreadsheets, pictures, compressed archives, audio and video.

Most anti-malware programs have successful track records for identifying members of the Xorist Ransomware. Users with infected PCs can quarantine or delete the MCrypt2019 Ransomware with such software, at their leisure, before recovering their work through any of the above methods.

Some versions of the MCrypt2019 Ransomware's attack Russian-speaking targets, although the MCrypt2019 Ransomware uses English. With no other clues on how its threat actor plans on attacking, owners of digital media worldwide will need to take the usual precautions – or pay the price of not doing so.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to MCrypt2019 Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.