Crypt.Locker Ransomware

The Crypt.Locker Ransomware is an encryption Trojan that behaves similarly to the Jigsaw Ransomware. The distributors of the Crypt.Locker Ransomware utilize spam emails to deliver threat droppers to users. In most cases, the users are welcomed to open a payment notification from an online store and a bank to confirm a purchase made recently. The designers of the spam messages are known to use copyrighted images and logos to convince users to open a macro-enabled document. Threats like the Crypt.Locker Ransomware and Satan666 Ransomware are known to land on computers after a macro was executed, which introduced the crypto threat into the system.

The Crypt.Locker Ransomware Trojan Works on the Latest Versions of Windows

Security researchers note that the Crypt.Locker Ransomware uses a reliable AES-256 cipher to lock data and may come with a fake digital certificate. The encryption engine of the Crypt.Locker Ransomware is designed to scan for data across connected drives including network shares. That means members of a corporate network may find encrypted files across their network. It is best to implement read/write policy to limit the capabilities of the Crypt.Locker Ransomware. The encryption routine of the Crypt.Locker Ransomware does not differ from those we have seen with threats like the Osiris Ransomware and the Vo_ Ransomware as it is rather straightforward. The content of data containers is enciphered using a unique key entirely, which is not saved locally. We have reports suggesting that the Crypt.Locker Ransomware is programmed to encode text, spreadsheets, video, audio, images, presentations, databases and eBooks.

The Affected Files Feature the '.epic' Extension

The Crypt.Locker Ransomware is a perfect example for a standard encryption Trojan. Ironically, the marker used by the Crypt.Locker Ransomware is the '.epic' suffix placed on encrypted objects. For example, 'Miyadaiku architecture.pptx' is transcoded to 'Miyadaiku architecture.pptx.epic.' Windows Explorer does not generate thumbnails for encrypted data with the '.epic' extension. The ransom demand is presented as an HTML file, which offers the following payment instructions:

'Very bad news! I am a so-called crypt.locker with following advanced functions:
Encrypting all your Data. . . . . Done!
Collecting all Logins, Contacts, eMail and Messenger History . . . . . Done!
Uploading all of it on a Sever . . . . . Done!
Sending a copy of this Package to All of you Contacts. . . . . Pending
Now here are some good news:
The pending task will never be executed and all your files will be decrypted again as soon as you did a BITCOIN PAYMENT within the next 72 h.
I will then remove myself from you system - like nothing ever happened!
To show you that I am serious I will delete every hour 1-5 files - better hurry!
If you fail no one will stop me from sending messages to all your contacts.
Sharing with them every private conversation or eMail of yours I could find.
Don’t try to be smart by closing me or Power off the Machine - its too late!
And I would become very angry after that...
Now make your decision: Accepting the loss of Privacy and data or coins the Payment.'

$5000 in Bitcoins is a Steep Price to Pay Even for Businesses

The team behind the Crypt.Locker Ransomware appears to be quite greedy when it comes to the ransom demand. Comparing the Crypt.Locker Ransomware to other Trojans from the same class shows that its ransom demand is truly epic given that most require around $750. Your best tactic against the Crypt.Locker Ransomware is to rely on a backup solution and a credible anti-malware shield. Threats like the Crypt.Locker Ransomware and other more advanced encryption Trojans are infective on computers that can be restored by using backup images and the Shadow Volume Copies made by Windows. You might want to explore what services like Google Drive, Dropbox, and Microsoft's OneDrive offer when you need to store your backups safely.