
OutCrypt Ransomware

Posted: August 6, 2020

The OutCrypt Ransomware is a file-locking Trojan without known relatives or a family. It attacks Windows systems by blocking their non-essential media files and may extort money from its victims for an unlocking service. Windows users should let anti-malware tools delete the OutCrypt Ransomware and maintain their backups for painless data recoveries.

Small Trojans Making Big Pop-Ups

Standard operating procedures for file-locker Trojans, like spyware or backdoor Trojans, emphasize stealth and running 'below the radar.' A new threat without Ransomware-as-a-Service ties, the OutCrypt Ransomware, is taking a different stance that might help users defend themselves against it. The OutCrypt Ransomware campaign involves visible windows while its locking feature – the centerpiece of the extortion attempt – is ongoing.

The OutCrypt Ransomware is, like many file-locker Trojans, a Windows program. The Trojan's payload uses a data-encrypting attack for locking various media files of possible value to the victim, such as documents, images, spreadsheets and music. Either due to being an early build in the wild or for other reasons, the OutCrypt Ransomware creates a visible Command Prompt or CMD window while doing so, which logs the encryption progress – and makes it very clear that an attack is occurring.

Malware researchers have yet to acquire the OutCrypt Ransomware's ransom note, if any. Trojans with the above features tend to use HTML, HTA, or TXT messages that ask for money – usually, Bitcoins – in exchange for the decryption service that unlocks the files. Paying is discouraged, in most scenarios, thanks to the built-in risk of making a payment and getting no help from the threat actor.

The OutCrypt Ransomware also has one other symptom, an underscore-based extension ('_out') that it places in the files' names. Although this change doesn't modify the format, it can help users find what types of content won't open.
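As an added example (not part of the original write-up and not vendor tooling), the Python sketch below inventories files carrying the '_out' marker so a responder can see which directories and file types need restoring from backup. It assumes the marker is appended after the original extension, as in `report.docx_out`, and that modification times were left untouched; the function names are hypothetical.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

SUFFIX = "_out"  # marker named in the article; appended-to-full-name form is an assumption


def original_name(name):
    """Return the pre-rename file name, or None if the name does not match.

    An extension must precede the suffix (report.docx_out), so ordinary
    names such as 'printer_out' or 'log_out.txt' are not counted.
    """
    if not name.lower().endswith(SUFFIX):
        return None
    base = name[:-len(SUFFIX)]
    stem, ext = os.path.splitext(base)
    return base if stem and len(ext) > 1 else None


def inventory(root):
    """Walk root and summarise files that carry the suffix."""
    by_ext, by_dir, times = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            by_ext[os.path.splitext(orig)[1].lower()] += 1
            by_dir[dirpath] += 1
            try:
                times.append(os.stat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                pass  # unreadable or vanished file: counted, but no timestamp
    window = None
    if times:  # earliest and latest modification time among the matches
        window = tuple(datetime.fromtimestamp(t, timezone.utc)
                       for t in (min(times), max(times)))
    return {"total": sum(by_ext.values()), "by_ext": dict(by_ext),
            "by_dir": dict(by_dir), "mtime_window_utc": window}


if __name__ == "__main__":
    report = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("matching files:", report["total"])
    for ext, count in sorted(report["by_ext"].items()):
        print(f"  {ext}: {count}")
    for path, count in sorted(report["by_dir"].items()):
        print(f"  {path}: {count}")
    print("mtime window (UTC):", report["mtime_window_utc"])
```

The script only reads file names and timestamps, so it can be run against a mounted copy of the affected volume without altering the evidence.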

Plucking Your Files Back Out of a Trojan's Jaws

The OutCrypt Ransomware's lack of discretion about its symptoms might be due to its distribution method, which could depend on a threat actor controlling the computer and managing the Trojan's deployment. Infection scenarios where this could occur are:

  • A hacker could obtain access to a system with Internet-open RDP features. Remote Desktop functionality should always have reasonable security, such as a password requirement.
  • Some servers could be vulnerable to attacks while they're using outdated software with public vulnerabilities.
  • In other cases, a brute-force attack can 'crack' a password and help the attacker gain login access, especially if the password is simple or ordinary.

While Windows users should uninstall the OutCrypt Ransomware immediately, disinfection attempts should include general anti-malware scans. Leveraging professional anti-malware products will facilitate removing the OutCrypt Ransomware and any other threats that might help it, such as a bundled RAT or backdoor Trojan.

The OutCrypt Ransomware isn't quiet about what it does, and that warning klaxon might be what a victim needs to stop all of their work from becoming captive. Even so, those who are doing what they're supposed to do for data protection are already in little danger from yet another of the hundreds of file-locking Trojans.
