Cryptorium Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 20 % (Normal) |
Infected Computers: | 159 |
First Seen: | December 16, 2016 |
Last Seen: | June 19, 2022 |
OS(es) Affected: | Windows |
The Cryptorium Ransomware was reported by gamers who were looking to get their hands on a cracked version of FIFA 2017 by EA Sports. The Cryptorium Ransomware may be distributed to Windows users as cracks for digital games and 'free copies' of shareware. Security analysts reveal that the Cryptorium Ransomware is a standard encryption Trojan that does nothing fancy. The developers of stick to tried-and-true practices introduced by threats like the CTB-Locker and Locky. The Cryptorium Ransomware does not wait for the user to restart the computer and builds a list of targeted files as soon it is installed. The Cryptorium Ransomware Trojan can run from the Temp directory, feature a misappropriated digital certificate and use limited system resources to avoid raising any alarms.
The content of data containers is encrypted using the AES-256 cipher. Observation revealed that the Cryptorium Ransomware does not append a new file extension, which is common for threats like the 'ReCoVeRy+[RANDOM LETTERS] File Extension' Ransomware. Enciphered files are represented by a white icon in the Windows Explorer and users may receive alerts that data on the system is corrupted. The Cryptorium Ransomware is not in the top 10 encryption Trojans, but its encryption can not be broken with brute force attacks and researchers hope to find vulnerabilities in its code and provide a free decryptor to compromised users. The Cryptorium Ransomware can lock objects on the local drives and removable media connected to your computer at the time the encryption process was underway. If the Cryptorium Ransomware is not impeded in its work users will notice a ransom notification on their desktops that looks like a program window titled Cryptorium. The notification looks very similar to the one used by the VaultCrypt Ransomware and provides the following message:
'OH NO, YOU HAD BAD LUCK TODAY. ALL YOUR FILES ARE ENCRYPTED! BUT! I HAVE NOT DELI. i tO THEM YET! PURCHASE A "GBO KEY" TO DECRYPT YOUR FILES. IF NOT ALL ENCRYPTED FILES WILL BE PERMANENTLY DELEi tO WITHIN 32H AND THEN THERE IS NO WAY TO RECOVER THEM! BE QUICK OR NO FILES!
ALL SERVERS ARE DOWN AT THE MOMENT! YOU WILL HAVE TO FIND IT OUT! OH AND THE GBO KEYS ARE ALL GENERATED RANDOMLY! >:]
[text box]
DECRYPT WITH CODE'
As stated above, there is no free decryption software available to users affected by the Cryptorium Ransomware. You need to be prepared accordingly to face threats like the Cryptorium Ransomware and the 'Love.server@mail.ru' Ransomware, which change their codes on a daily basis. A good backup manager set to asynchronous backup and services like Google Drive can be helpful in securing your data. You should not keep your system unprotected against contemporary threats and might want to install a trustworthy anti-malware shield that would allow you to block incommoding attacks. AV vendors are known to detect versions of the Cryptorium Ransomware as:
- Generic PUA PL (PUA)
- HEUR/QVM03.0.0000.Malware.Gen
- MSIL/Hoax.FakeFilecoder.Cryptorium.A
- Ransom_CRYPTORIUM.A
- Trojan.Generic.D3B7085
- W32.Troj.Ransom.Filecoder!c
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.