
Crypt0L0cker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 264
First Seen: March 16, 2017
Last Seen: September 4, 2022
OS(es) Affected: Windows

PC security researchers have noticed the return of the Crypt0L0cker Ransomware, now with a threat campaign that is targeting computer users located in Europe. In 2014, the Crypt0L0cker Ransomware was the most common ransomware Trojan in Europe and Australia (although known by a different name). In the middle of 2015, however, there was a decline in the Crypt0L0cker Ransomware attacks and distribution. Now, in February 2017, the Crypt0L0cker Ransomware is returning, attacking computer users located in Europe again. PC security analysts have received requests for help with the Crypt0L0cker Ransomware attack. In January and February 2017, the Crypt0L0cker Ransomware infections rose substantially, with hundreds of new attacks around the world in a very short span of time.

The Crypt0L0cker Ransomware Infection and the New Campaign

The Crypt0L0cker Ransomware attacks being observed today are variants of the ransomware Trojan that was mostly active in 2014 and early 2015. This earlier version of the Crypt0L0cker Ransomware, known then as Teerac or TorrentLocker, has shown increased activity and is focused on carrying out attacks in Europe. One of the most targeted countries in this recent epidemic of the Crypt0L0cker Ransomware attacks is Italy, and PC security researchers have responded in this country to inform computer users of the attack. The current Crypt0L0cker Ransomware campaign uses certified electronic email to deliver spam messages that include bogus invoices. These supposed invoices allow the Crypt0L0cker Ransomware to be installed on the victims' computers. In the attacks targeting computer users in Italy, the messages use subject lines such as 'Invio fattura n. 391091' and contain attached .JS files named in a similar way. These terms make computer users believe that an invoice, or 'fattura,' is included in the email message. One aspect of this campaign that has caught the attention of computer users is that the spam emails are being sent out using Posta Elettronica Certificata, or PEC. This is a certified email system that allows computer users to send email messages with the same legal standing as registered mail, creating a receipt when delivered and using a digital signature. Unfortunately, this aspect of the email system (which may be used in other Crypt0L0cker Ransomware attacks around Europe) gives the recipients of the emails a false sense of security, making them believe that the email messages are secure.

How the Crypt0L0cker Ransomware Attack Itself Works

The Crypt0L0cker Ransomware infection itself is not different from most other ransomware Trojans and, due to its age, does have some weak obfuscation techniques. However, the Crypt0L0cker Ransomware still carries out an effective attack that can be quite devastating. The Crypt0L0cker Ransomware, like other ransomware Trojans, encrypts the victims' files and then demands the payment of a ransom from the victim. Due to the strong encryption method used by the Crypt0L0cker Ransomware, the files it encrypts are not recoverable without access to the decryption key. Because of this, the best method of dealing with the Crypt0L0cker Ransomware and similar threats is to take preventive measures and to be able to respond appropriately and minimize the damage after an attack.

Preventing the Crypt0L0cker Ransomware Attacks and Controlling the Damage

The single best protection against the Crypt0L0cker Ransomware and other ransomware Trojan attacks is ensuring that there are backups of all files. If computer users can recover their files by replacing them with backup copies after an attack, then this threat's creators lose the leverage that allows them to demand ransom payments from the victim. Apart from backups, computer users are advised to ensure that the Crypt0L0cker Ransomware cannot enter their computers by using a reliable security application that is fully up-to-date. Since the Crypt0L0cker Ransomware may be spread through spam emails, an anti-spam filter and an awareness of how these email tactics work are fundamental to preventing these attacks.
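As an added example (not part of the original write-up or any vendor's tooling), the following mail-gateway check flags script attachments like the .JS "invoice" described above, regardless of whether the message arrived through a certified channel. The extension blocklist, the attachment name `fattura_391091.js` and the envelope name `postacert.eml` are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs as scripts on double-click (assumed blocklist, extend as needed).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}

def triage(raw: bytes):
    """Return (filename, reason) for every script attachment, at any nesting depth."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject_numbers = set(re.findall(r"\d{4,}", str(msg["Subject"] or "")))
    findings = []
    for part in msg.walk():  # walk() also descends into enclosed message/rfc822 parts
        name = part.get_filename()
        if not name:
            continue
        stem, dot, ext = name.lower().rpartition(".")
        if not dot or "." + ext not in SCRIPT_EXTS:
            continue
        reason = "script attachment"
        # A file name that repeats the invoice number from the subject fits the lure pattern.
        if subject_numbers & set(re.findall(r"\d{4,}", stem)):
            reason += ", name mirrors subject number"
        findings.append((name, reason))
    return findings

def build_sample() -> bytes:
    """Constructed message: harmless placeholder body, hypothetical file names."""
    inner = EmailMessage()
    inner["Subject"] = "Invio fattura n. 391091"
    inner.set_content("In allegato la fattura.")
    inner.add_attachment(b"// constructed placeholder\n", maintype="application",
                         subtype="javascript", filename="fattura_391091.js")
    outer = EmailMessage()
    outer["Subject"] = "Invio fattura n. 391091"
    outer.set_content("Certified delivery envelope (constructed).")
    outer.add_attachment(inner, filename="postacert.eml")  # original mail enclosed in an envelope
    return outer.as_bytes()

if __name__ == "__main__":
    for name, reason in triage(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```

The check deliberately ignores any signature or delivery receipt on the message: those attest to how the mail was sent, not to what is attached.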