
WormCryptor Ransomware

Posted: December 18, 2018

The WormCryptor Ransomware is a file-locking Trojan that holds your media for ransom after encrypting it. The attacks may include documents, images, and other popular formats, which the WormCryptor Ransomware converts into illegible data while inserting extensions into their names. Let your anti-malware products remove the WormCryptor Ransomware from your computer, and use backups or free decryption options for recovering any files.

This Worm is More of a Trojan

File-locker Trojans continually obscure their identities, both by collecting the 'brands' of others (as with the Globe Ransomware versus the Globe Imposter Ransomware, seeding dead-end trails in their symptoms) and by using intentionally inaccurate names. Recent attacks by a Trojan that may or may not be a part of those families uphold this manipulation of its victims' psychology by pretending that it's a worm. The WormCryptor Ransomware also carries one other detail that malware experts find of interest: compatibility with Linux systems, instead of Windows OSes.

The WormCryptor Ransomware uses encryption with an unknown algorithm (AES is likely but not yet confirmed) and enciphers different formats of files throughout the PC. Unlike many file-locking Trojans, the WormCryptor Ransomware includes more than just pictures and other media in its search for what it will lock: it also attacks non-media data types, such as the Linux-specific DEX Dalvik Executable. In other areas, its encryption is similar to that of other file-locker Trojans, and malware experts are confirming its use of extensions ('WORMCRYPTOR') for labels.

There's no evidence of the WormCryptor Ransomware duplicating itself or compromising removable devices or local networks for infecting new PCs, unlike the payload of a legitimate worm like Worm.VBS.Dinihou.B or WORM_PIZZER.A. Regardless, malware researchers recommend disabling network connections and isolating portable storage devices to keep the Trojan from encoding any more files.
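Once the machine is isolated, a read-only inventory of files carrying the 'WORMCRYPTOR' label helps scope what needs restoring from backup. The following is an added example, not code from the original article; the matching rule (the label as any dot-separated name component, any case), the function names, and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = "wormcryptor"  # label named in the article; the matching rule below is an assumption


def marked_ext(filename):
    """Return the original extension if a dot-separated name component equals
    the marker (appended or inserted, any case); return None if not marked."""
    parts = filename.lower().split(".")[1:]
    if MARKER not in parts:
        return None
    rest = [p for p in parts if p != MARKER]
    return rest[-1] if rest else "(none)"


def triage(root):
    """Summarise marked files under root: total, tallies per directory and per
    original extension, and the earliest/latest mtime as a rough attack window."""
    by_dir, by_ext, mtimes = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinked dirs
        for name in files:
            ext = marked_ext(name)
            if ext is None:
                continue
            by_dir[os.path.relpath(dirpath, root)] += 1
            by_ext[ext] += 1
            try:
                mtimes.append(os.lstat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                pass  # unreadable or vanished; still counted above
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {"total": sum(by_dir.values()), "by_dir": by_dir, "by_ext": by_ext, "window": window}


def build_sample_tree(root):
    """Constructed sample data: three marked files and two untouched ones."""
    sample = {"docs/report.docx.WORMCRYPTOR": 1000, "docs/notes.txt": 1500,
              "pics/photo.jpg.wormcryptor": 2000, "apps/app.WORMCRYPTOR.dex": 3000,
              "apps/wormcryptor_readme.txt": 3500}
    for rel, mtime in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

The modification-time window is only a rough indicator, since a Trojan can reset timestamps; run the inventory against a mounted copy or snapshot of the disk where possible.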

Pulling a Fake Worm Out of Your Files

Although the WormCryptor Ransomware uses a new set of instructions for its ransom note, it delivers them through Notepad files, similar to Hidden Tear or the Scarab Ransomware. Its campaign comes with support for a TOR-based website and asks for payment within one day, although malware experts have yet to track any payments through Bitcoin or other means. Paying the ransom doesn't procure a decryptor automatically, and all victims should test their options for unlocking their work via freeware solutions or backups.

Security and AV solutions can guard against most of the infection methods that are relevant to file-locker Trojans' attacks, except for brute-force hacking of server logins. Users should maintain stringent password security, avoid enabling macros or opening documents carelessly, and update software to improve their protection from exploit kits and scanning-based attacks. Reputable brands of anti-malware products can remove the WormCryptor Ransomware or, in better scenarios, block the installation and encryption attack.

The ransom that the WormCryptor Ransomware is demanding is unquantifiable, according to the data that malware experts have on hand. What's definite, however, is the fact that paying, whether it's in Bitcoins or something else, to get something that should be yours already is a game for criminals and fools.
