CryptoDevil Ransomware

By GoldSparrow in Ransomware

PC security analysts first observed the CryptoDevil Ransomware attacks on March 19, 2017. The CryptoDevil Ransomware does not seem to belong to a larger family of ransomware and is designed to attack English speakers. The CryptoDevil Ransomware has the appearance of a legitimate application and is quite organized in regards to the ransom payments and procedures. The CryptoDevil Ransomware increases the amount of its ransom gradually until it reaches the amount of $100 USD after 72 hours have passed. According to the CryptoDevil Ransomware message, the decryption key is deleted after 82 hours have passed, which makes a recovery from the attack impossible.

How the CryptoDevil Ransomware May Enter a Computer and Carry Out Its Attack

The CryptoDevil Ransomware may be installed through the use of a corrupted spam email attachment. However, the CryptoDevil Ransomware can be delivered in a variety of ways, which may include hacking into the victim's computer directly or using corrupted files distributed online through torrent networks and shady websites. Malware analysts have observed two versions of the CryptoDevil Ransomware, which ensures that the CryptoDevil Ransomware attacks have a wider array of targets. As soon as the CryptoDevil Ransomware enters a computer, it displays a lock screen that prevents computer users from accessing their Desktops or the Windows Explorer. The CryptoDevil Ransomware will also disable the Task Manager, the Windows Command Line or the Registry Editor, rendering the victim helpless. The CryptoDevil Ransomware's lock screen is red with black text, alarming colors that help scare the victims and cause them to act irrationally. The following text is contained in the CryptoDevil Ransomware's lock screen:

'Your Computer Has Been Locked
Your computer have been successfully locked you have up to 70 hours
to buy a key to unlock your contract in case files will be deleted.
Email: mutr0lblackhat@gmail.com
Payment: Bitcoin 20$
Insert this key
[text box]
Unlock'
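
The disabling of the Task Manager, the Windows Command Line and the Registry Editor described above can be checked for during cleanup. The following PowerShell is an added example, not part of the original article: it assumes the tools were disabled through the standard Windows policy values DisableTaskMgr, DisableRegistryTools and DisableCMD (the article does not say which mechanism the CryptoDevil Ransomware uses), and the function name Get-DisabledToolPolicy is hypothetical.

```powershell
# Added example: report Windows policy values that disable Task Manager,
# the Registry Editor or the command prompt.
# Assumption: the tools were disabled through these standard policy values;
# the article does not state how the CryptoDevil Ransomware disables them.

function Get-DisabledToolPolicy {
    param(
        # Registry drives to inspect; HKCU: is the hive of the user running the check.
        [string[]]$Hives = @('HKCU:', 'HKLM:')
    )

    # Standard policy locations for the three tools named in the article.
    $checks = @(
        @{ Tool = 'Task Manager'
           Key  = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
           Name = 'DisableTaskMgr' },
        @{ Tool = 'Registry Editor'
           Key  = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
           Name = 'DisableRegistryTools' },
        @{ Tool = 'Command Prompt'
           Key  = 'Software\Policies\Microsoft\Windows\System'
           Name = 'DisableCMD' }
    )

    foreach ($hive in $Hives) {
        foreach ($check in $checks) {
            $path = "$hive\$($check.Key)"
            $name = $check.Name

            # A missing key or value means the policy is not set; skip it quietly.
            $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }

            # Any non-zero value disables the tool (DisableCMD and
            # DisableRegistryTools also accept 2).
            $data = [int]$item.$name
            if ($data -ne 0) {
                [pscustomobject]@{ Tool = $check.Tool; Path = $path; Name = $name; Data = $data }
            }
        }
    }
}

# Print a table of every disabling policy value found.
Get-DisabledToolPolicy | Format-Table -AutoSize
```

Run it in the affected user's session so that HKCU: points at that user's hive. Values it reports can be deleted with Remove-ItemProperty once the threat itself has been removed.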

Recovering from the CryptoDevil Ransomware

In the case of the lock screen version of the CryptoDevil Ransomware, PC security researchers have been able to recover the code necessary to bypass the lock screen. Simply type 'kjkszpj' into the lock screen text box to regain access to the infected computer. Unfortunately, apart from the CryptoDevil Ransomware lock screen version, there is an encryption ransomware version of the CryptoDevil Ransomware that carries out a more severe attack on the victim's data.

The encryption ransomware version of the CryptoDevil Ransomware encrypts the victims' files using a strong encryption algorithm. The CryptoDevil Ransomware targets a large variety of file types, ensuring that the victims are locked out of their data completely. The CryptoDevil Ransomware displays its ransom note in an HTA program window named Ransomware CryptoDevil. The text of this ransom message reads as follows:

'Ransomware Decrypter Panel
CryptoDevil
Your Files Has Been Encrypted
All your files have been encrypted.
Buy a key to decrypt your files
more instructions forthcoming. - cryptodevil
Payment Key Price About
Key Price Or After Hours
1. After 10 Hours Key Price = $20
2. After 24 Hours Key Price = $30
3. After 48 Hours Key Price = $50
4. After 72 Hours Key Price = $100
After 82 hours if you do not buy the key your files will be encrypted for the rest of your life.
Creator: mutr0l
Contact: contactcryptodevil@gmail.com
Greatz: WebDark - DebutySec
'Every human has its fatal weakness and this
fatal weak point is social engineering
#EncryptTheWorld'

Dealing with the CryptoDevil Ransomware Encryption

Unfortunately, in the case of the encryption ransomware version of the CryptoDevil Ransomware, recovery is not as simple as entering a short password into a text box. In fact, computer users will frequently have to accept that their files have become unrecoverable, since paying the ransom is not recommended. The best protection against threats like these is always to have backups of all files, allowing recovery of all the affected files immediately after the attack and removing the attacker's leverage.
