Crypt.Locker Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 80 % (High) |
Infected Computers: | 14 |
First Seen: | December 8, 2016 |
Last Seen: | May 5, 2022 |
OS(es) Affected: | Windows |
The Crypt.Locker Ransomware is an encryption Trojan that behaves similarly to the Jigsaw Ransomware. The distributors of the Crypt.Locker Ransomware utilize spam emails to deliver threat droppers to users. In most cases, the users are welcomed to open a payment notification from an online store and a bank to confirm a purchase made recently. The designers of the spam messages are known to use copyrighted images and logos to convince users to open a macro-enabled document. Threats like the Crypt.Locker Ransomware and Satan666 Ransomware are known to land on computers after a macro was executed, which introduced the crypto threat into the system.
Table of Contents
The Crypt.Locker Ransomware Trojan Works on the Latest Versions of Windows
Security researchers note that the Crypt.Locker Ransomware uses a reliable AES-256 cipher to lock data and may come with a fake digital certificate. The encryption engine of the Crypt.Locker Ransomware is designed to scan for data across connected drives including network shares. That means members of a corporate network may find encrypted files across their network. It is best to implement read/write policy to limit the capabilities of the Crypt.Locker Ransomware. The encryption routine of the Crypt.Locker Ransomware does not differ from those we have seen with threats like the Osiris Ransomware and the Vo_ Ransomware as it is rather straightforward. The content of data containers is enciphered using a unique key entirely, which is not saved locally. We have reports suggesting that the Crypt.Locker Ransomware is programmed to encode text, spreadsheets, video, audio, images, presentations, databases and eBooks.
The Affected Files Feature the '.epic' Extension
The Crypt.Locker Ransomware is a perfect example for a standard encryption Trojan. Ironically, the marker used by the Crypt.Locker Ransomware is the '.epic' suffix placed on encrypted objects. For example, 'Miyadaiku architecture.pptx' is transcoded to 'Miyadaiku architecture.pptx.epic.' Windows Explorer does not generate thumbnails for encrypted data with the '.epic' extension. The ransom demand is presented as an HTML file, which offers the following payment instructions:
'Very bad news! I am a so-called crypt.locker with following advanced functions:
Encrypting all your Data. . . . . Done!
Collecting all Logins, Contacts, eMail and Messenger History . . . . . Done!
Uploading all of it on a Sever . . . . . Done!
Sending a copy of this Package to All of you Contacts. . . . . Pending
Now here are some good news:
The pending task will never be executed and all your files will be decrypted again as soon as you did a BITCOIN PAYMENT within the next 72 h.
I will then remove myself from you system - like nothing ever happened!
To show you that I am serious I will delete every hour 1-5 files - better hurry!
If you fail no one will stop me from sending messages to all your contacts.
Sharing with them every private conversation or eMail of yours I could find.
Don’t try to be smart by closing me or Power off the Machine - its too late!
And I would become very angry after that...
Now make your decision: Accepting the loss of Privacy and data or coins the Payment.'
$5000 in Bitcoins is a Steep Price to Pay Even for Businesses
The team behind the Crypt.Locker Ransomware appears to be quite greedy when it comes to the ransom demand. Comparing the Crypt.Locker Ransomware to other Trojans from the same class shows that its ransom demand is truly epic given that most require around $750. Your best tactic against the Crypt.Locker Ransomware is to rely on a backup solution and a credible anti-malware shield. Threats like the Crypt.Locker Ransomware and other more advanced encryption Trojans are infective on computers that can be restored by using backup images and the Shadow Volume Copies made by Windows. You might want to explore what services like Google Drive, Dropbox, and Microsoft's OneDrive offer when you need to store your backups safely.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.