
NETCrypton Ransomware

Posted: November 29, 2017

Threat Metric

Threat Level: 5/10
Infected PCs: 176
First Seen: March 1, 2022
Last Seen: July 6, 2023
OS(es) Affected: Windows

The NETCrypton Ransomware is a file-locking Trojan that disguises itself as a cracking utility for data recovery software. Current releases of this Trojan display a prompt that the user may decline to avoid its encryption attack, although future ones may omit this option and lock your files automatically. Have legitimate backup software and standards in place to protect your media from this threat, and always let a dedicated anti-malware program delete the NETCrypton Ransomware for the safety of your PC.

Trojan Attacks with the Choice of Opting Out

Authors of threatening software must verify that their attack functions work without destabilizing their own testing environment, which makes development uniquely challenging. For file-locking threats, authors often limit this development stage by having the Trojan attack only a highly niche location or set of file formats. The NETCrypton Ransomware, however, provides an unusual, extra 'feature' that may help victims avoid damaging their PCs: a pop-up that gives them the option to refuse the infection.

The NETCrypton Ransomware's executables disguise themselves as key generators for EaseUS software, an application for maintaining backups. This disguise goes beyond the name of the file; malware analysts can confirm that the NETCrypton Ransomware includes a fake user interface that imitates a traditional keygen application, with fields for licenses and activation codes. However, before this UI appears, the program gives you an option to 'execute this ransomware' or turn it down, which is probably a safety feature for the Trojan's author.

Users who select 'yes' at the original request and try to use the key generator will, instead, lock the documents, pictures, and other media on their PCs with the NETCrypton Ransomware's encryption feature, which uses a cipher that malware analysts have yet to confirm. The Trojan also creates a stereotypical ransom message through an HTML pop-up, which gives the victim a ransom demand of 300 USD in Bitcoin and a wallet address (but no other information, such as an e-mail address to contact for more help).

Generating a Sense of Safety from File-Lockers

Since the NETCrypton Ransomware's threat actor could remove its testing feature at any time with nearly no effort, PC users should not presume that the Trojan will always ask them whether or not they want to run it. Key generators are an extremely traditional disguise for many types of threatening software, including some forms of file-locking threats, and, like all piracy-related applications, should be assumed to be potentially harmful to your computer. Users often encounter these tactics via corrupted websites dedicated to providing fake freeware, as well as decentralized file-sharing networks such as torrents.

Ironically, the NETCrypton Ransomware's tactic also gives any victims a hint on the correct way to reduce its negative security implications. Using backup software and schedules, and securing any additional storage devices, can help with restoring any content that the NETCrypton Ransomware locks (which should always bear the '.encrptd' extension). At least one third-party researcher in the security community is also providing free decryption services for this threat. Preferably, your anti-malware programs should remove the NETCrypton Ransomware before any attacks happen, whether or not you agree to its initial request.
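To scope a restore from backup, the following added example (not part of the original article and not any vendor's tool) inventories files carrying the '.encrptd' extension, groups them per directory, and reports the earliest modification time among them. It assumes the Trojan rewrites files in place so that the earliest timestamp approximates when locking began; the sample file names are constructed.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

LOCKED_EXT = ".encrptd"  # extension the article reports on locked files


def find_locked_files(root):
    """Return (path, size, mtime) for every file under root ending in LOCKED_EXT."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if name.lower().endswith(LOCKED_EXT):
                path = os.path.join(dirpath, name)
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # file vanished or is unreadable; skip it
                hits.append((path, st.st_size, st.st_mtime))
    return hits


def summarize(hits):
    """Group hits per directory and find the earliest modification time."""
    per_dir = defaultdict(lambda: {"count": 0, "bytes": 0})
    for path, size, _mtime in hits:
        entry = per_dir[os.path.dirname(path)]
        entry["count"] += 1
        entry["bytes"] += size
    # Assumption: the earliest mtime hints at which backup predates the attack.
    earliest = min((m for _p, _s, m in hits), default=None)
    return dict(per_dir), earliest


def demo():
    """Run the scan over a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Documents"))
        for rel in ("Documents/report.docx.encrptd", "Documents/notes.txt",
                    "photo.jpg.ENCRPTD"):
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(b"x" * 10)
        per_dir, earliest = summarize(find_locked_files(root))
        return sum(d["count"] for d in per_dir.values()), len(per_dir), earliest


if __name__ == "__main__":
    total, dirs, earliest = demo()
    when = datetime.fromtimestamp(earliest, tz=timezone.utc).isoformat()
    print(f"{total} locked files in {dirs} directories; earliest change {when}")
```

On a real system, call `find_locked_files` on each user profile or data volume and compare the earliest timestamp against your backup schedule before restoring.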

Not every Trojan is as considerate as the NETCrypton Ransomware, and even this campaign may soon be fine-tuning the consensual aspects of its payload. Users willing to break the law by downloading and running illicit software have no one other than themselves to blame for being victimized in their turn.
