CryptoCat Ransomware

By GoldSparrow in Ransomware

The CryptoCat Ransomware is a standard encryption Trojan that uses asymmetric cryptography to lock the user's data and attach the '.cryptocat' suffix to filenames. The CryptoCat Ransomware replaces the default file extension with its own and prevents the users from reading the content of the document. The CryptoCat Ransomware is not as sophisticated as other cryptomalware like the Zepto Ransomware and the CryPy Ransomware, but it is as effective as any other Ransomware.

Similarly to the NoobCrypt Ransomware, the CryptoCat Ransomware is delivered to users via spam mail and corrupted links. The CryptoCat Ransomware is a Trojan that may run without administrative privileges on the infected PC and can lock data on every connected device when it initiates the encryption procedure. Researchers reveal that the CryptoCat Ransomware might lock the data inside the default user library first and continue to other locations later in the encryption process. The CryptoCat Ransomware is likely to target commonly used data containers like:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

Corrupted data can be moved and copied, but you will not be able to read the files with their default application. Users can recognize affected items by the '.cryptocat' file extension. For example, 'red queen by victoria aveyard.epub' will be renamed to 'red queen by victoria aveyard.cryptocat'. The CryptoCat Ransomware will load the following ransom message on the victim's screen:

'Support e-mail: mls82@hush.ai mls82@bk.ru
Your personal files encryption produced on this computer: photos, videos, documents, etc. Encryption was produced using a unique public key RSA-2048 generated for this computer.
To decrypt files you need to obtain the private key.
The single copy of the private key, which will allow to decrypt the files, located on a secret server on the Internet; the server will destroy the key after 168 hours.
After that nobody and never will be able to restore files.
To obtain the private key for this computer, you need pay 1.45 Bitcoin (~611 USD)
Your Bitcoin address: [wallet address to transfer BTC]
You must send 1.45 Bitcoin to the specified address and report it to e-mail customer support.
In the letter must specify your Bitcoin address to which the payment was made.'

You should avoid paying the ransom because the operators of the CryptoCat Ransomware are not likely to send a decryptor to your email. Ransomware creators and distributors aim to collect payment and are not known for their reliability and trustworthiness. The CryptoCat Ransomware may drop other threats on your machine and you should not pay extortionists. Experts advise users to delete the CryptoCat Ransomware using a credible anti-malware tool. You may be able to restore your data by using the Shadow Volume Copies made by Windows, as well as other backup services like Google Drive, Dropbox and Microsoft's OneDrive.
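Because the Trojan replaces the original extension, the file type of each locked item is lost, which complicates restoring from a backup. The following sketch is an added example, not part of the original article or any vendor tool: it pairs each '.cryptocat' file with the backup file of the same name in the same relative folder and flags ambiguous or missing cases. It only builds a plan and copies nothing; the function names and the assumption that the backup mirrors the live folder layout are hypothetical.

```python
import tempfile
from collections import defaultdict
from pathlib import Path

MARKER = ".cryptocat"  # extension the article says replaces the original one


def index_backup(backup_root):
    """Map (relative dir, lower-cased stem) -> backup files with that stem."""
    index = defaultdict(list)
    root = Path(backup_root)
    for path in root.rglob("*"):
        if path.is_file():
            rel_dir = path.parent.relative_to(root).as_posix().lower()
            index[(rel_dir, path.stem.lower())].append(path)
    return index


def plan_restore(infected_root, backup_root):
    """Return (matched, ambiguous, missing) for every *.cryptocat file."""
    index = index_backup(backup_root)
    root = Path(infected_root)
    matched, ambiguous, missing = {}, {}, []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() != MARKER:
            continue
        rel_dir = path.parent.relative_to(root).as_posix().lower()
        candidates = sorted(index.get((rel_dir, path.stem.lower()), []))
        if len(candidates) == 1:
            matched[path] = candidates[0]
        elif candidates:
            ambiguous[path] = candidates  # e.g. notes.doc and notes.docx
        else:
            missing.append(path)          # no backup copy with this name
    return matched, ambiguous, missing


def demo():
    """Constructed sample trees; only the .epub name comes from the article."""
    with tempfile.TemporaryDirectory() as tmp:
        live, bak = Path(tmp, "live"), Path(tmp, "backup")
        for name in ("Books/red queen by victoria aveyard.epub",
                     "Docs/notes.doc", "Docs/notes.docx"):
            (bak / name).parent.mkdir(parents=True, exist_ok=True)
            (bak / name).write_bytes(b"original")
        for name in ("Books/red queen by victoria aveyard.cryptocat",
                     "Docs/notes.cryptocat", "Docs/new.cryptocat"):
            (live / name).parent.mkdir(parents=True, exist_ok=True)
            (live / name).write_bytes(b"ciphertext")
        m, a, x = plan_restore(live, bak)
        return ({k.name: v.name for k, v in m.items()},
                {k.name: [c.name for c in v] for k, v in a.items()},
                [p.name for p in x])
```

Files reported as missing have no same-named backup copy and would need another source, such as the Shadow Volume Copies mentioned above.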