
'.cryptoid File Extension' Ransomware

By GoldSparrow in Ransomware

The '.cryptoid File Extension' Ransomware Trojan is designed to take victims' files hostage and then demand a ransom payment, which is a typical ransomware attack. The '.cryptoid File Extension' Ransomware was first observed on April 8, 2019. The '.cryptoid File Extension' Ransomware is generally delivered to victims via corrupted spam email attachments and through pirated software.

How the '.cryptoid File Extension' Ransomware Attacks a Computer

The '.cryptoid File Extension' Ransomware uses AES and RSA encryption to make the victim's files inaccessible, targeting a wide variety of file types. The following are examples of the user-generated files that threats like the '.cryptoid File Extension' Ransomware target in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '.cryptoid File Extension' Ransomware attack marks the files it encrypts with the file extension '.cryptoid,' which is added to the file's name. The '.cryptoid File Extension' Ransomware then drops a text file containing the ransom note. These ransom notes have been observed with names such as '@@_BENI_OKU_@@.txt,' '@@_DIKKAT_@@.txt,' and '@@_SILINEN_VERILER_@@.txt' and are dropped on the infected computer's desktop. The '.cryptoid File Extension' Ransomware ransom note is written in Turkish and reads as follows:

'Merhabalar,
Bir kısım dosyalarınız tarafımdan şifrelenmiştir.
Bu dosyaların çözümü bendeki sifre ve çözme yazılımı olmadan imkansızdır. Dosyalarınızı eski haline getirmemi istiyorsanız bana krkcdkkn@gmail.com mail adresinden ulaşınız
Anlaştığımız miktarda bir parayı bana ulaştırır ulaştırmaz nızdaki bilgilerinizi eski haline getireceğim.
Bunun dışındaki çözüm arama girişimleri sıze sadece zaman kaybettir.
Sifrelenmis dosyaların sadece üzerinde oynanmamışlarının geri geleceğini unutmayınız,
bu yüzden dosyaların üstünde oynayıp onları bozmayınız.
=========
Bana mail yazarken lütfen dıs ip adresinizi konu / subject kısmında belirtiniz. Aynı gün yazmanız
durumunda bilgilerinizi açmak için talep etmeyi düşünüp not aldığım rakam üzerinden %25 indirim yapacağım.
=========
Her türlü sorularınız için krkcdkkr@gmail.com adresinden mail yazabilir
ya da bu maile bağlı hangouts sistemı üzerinden anlık ileti gönderebilirsiniz. krkcdkkn@amail.com'

Which, translated to English, reads as follows:

'Hello,
Some of your files are encrypted by me.
The solution to these files is impossible without the encryption and decryption software. If you want me to restore your files, please contact me at krkcdkkn@gmail.com
I'm going to restore your data as soon as we get the amount of money we've agreed to.
Attempts to search for solutions other than this are just a waste of time.
Please note that the encrypted files will only come back if they have not been altered,
so do not play with the files.
=========
Please write your external ip address in subject line. Write on the same day
to open your data in case you want to recover and I will give a 25% discount on the figure.
=========
For any questions, you can send e-mails to krkcdkkr@gmail.com
or you can send instant messages via hangouts system. krkcdkkn@gmail.co'

Dealing with the '.cryptoid File Extension' Ransomware

While it is currently not possible to restore the files encrypted by many ransomware Trojans, it may be possible to restore data encrypted by the '.cryptoid File Extension' Ransomware. The '.cryptoid File Extension' Ransomware is a variant of the Aurora Ransomware, and decryption software for the Aurora Ransomware variants may help victims restore their data from a '.cryptoid File Extension' Ransomware attack. As with most encryption ransomware Trojans, having file backups is the best way to mitigate the effects of an infection.
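
To scope an infection before restoring from backup, the file markers described above (the appended '.cryptoid' extension and the three ransom note names) can be searched for on disk. The following is an added example, not code from the original article; the function names and the sample directory tree are constructed for illustration, and it assumes the original file name is recovered by stripping the appended extension.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the article text; compared case-insensitively.
ENCRYPTED_SUFFIX = ".cryptoid"
NOTE_NAMES = {"@@_beni_oku_@@.txt", "@@_dikkat_@@.txt", "@@_silinen_veriler_@@.txt"}


def scan(root):
    """Walk root and return (affected, notes).

    affected maps directory -> list of (encrypted_name, original_name);
    notes is a sorted list of ransom-note paths.
    """
    affected = defaultdict(list)
    notes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower in NOTE_NAMES:
                notes.append(os.path.join(dirpath, name))
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Assumption: the extension is appended to the full name,
                # so stripping it gives the name to look for in backups.
                affected[dirpath].append((name, name[:-len(ENCRYPTED_SUFFIX)]))
    return dict(affected), sorted(notes)


def restore_list(affected):
    """Flatten scan results into sorted original paths to pull from backup."""
    return sorted(os.path.join(d, orig)
                  for d, items in affected.items() for _enc, orig in items)


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = ["Desktop/@@_BENI_OKU_@@.txt", "Desktop/notes.txt",
              "Documents/report.docx.cryptoid", "Documents/budget.xlsx.CRYPTOID",
              "Pictures/holiday.jpg"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        affected, notes = scan(tmp)
        print("ransom notes:", [os.path.relpath(n, tmp) for n in notes])
        for path in restore_list(affected):
            print("restore from backup:", os.path.relpath(path, tmp))
```

Run scan() against a mounted copy or image of the affected disk rather than the live system, so the encrypted files are not altered before a decryptor or backup restore is attempted.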
