
CryptoShocker Ransomware

By GoldSparrow in Ransomware

The CryptoShocker Ransomware is a ransomware Trojan that encrypts its victims' files and then demands a ransom of approximately $200 USD, payable in Bitcoin, in exchange for the decryption key. Files encrypted by the CryptoShocker Ransomware have the extension '.LOCKED' appended to their names. A shortcut to the attackers' decryption site on TOR, named ATTENTION.url, is also dropped on the victim's desktop. The decryption site lists an email address, CryptoShocker@tutanota.com, which presumably belongs to the CryptoShocker Ransomware's developer.

The Hard-to-Crack Encryption Used by the CryptoShocker Ransomware

The CryptoShocker Ransomware first emerged in the summer of 2016 and quickly caught the attention of PC security analysts. PC security researchers strongly advise computer users to install and maintain a fully updated and reliable anti-malware program. The CryptoShocker Ransomware belongs to a large family of ransomware Trojans that use @india.com email addresses to demand ransom from computer users. The CryptoShocker Ransomware resembles most recently discovered ransomware variants, including in its use of the '.LOCKED' extension for encrypted files. The one thing that sets the CryptoShocker Ransomware apart from other threats is that it uses the victims' Web browser to redirect them to its TOR payment site. The following are the file extensions that this threat searches for and encrypts:

.asf, .pdf, .xls, .docx, .xlsx, .mp3, .waw, .jpg, .jpeg, .txt, .rtf, .doc, .rar, .zip, .psd, .tif, .wma, .gif, .bmp, .ppt, .pptx, .docm, .xlsm, .pps, .ppsx, .ppd, .eps, .png, .ace, .djvu, .tar, .cdr, .max, .wmv, .avi, .wav, .mp4, .pdd, .php, .aac, .ac3, .amf, .amr, .dwg, .dxf, .accdb, .mod, .tax2013, .tax2014, .oga, .ogg, .pbf, .ra, .raw, .saf, .val, .wave, .wow, .wpk, .3g2, .3gp, .3gp2, .3mm, .amx, .avs, .bik, .dir, .divx, .dvx, .evo, .flv, .qtq, .tch, .rts, .rum, .rv, .scn, .srt, .stx, .svi, .swf, .trp, .vdo, .wm, .wmd, .wmmp, .wmx, .wvx, .xvid, .3d, .3d4, .3df8, .pbs, .adi, .ais, .amu, .arr, .bmc, .bmf, .cag, .cam, .dng, .ink, .jif, .jiff, .jpc, .jpf, .jpw, .mag, .mic, .mip, .msp, .nav, .ncd, .odc, .odi, .opf, .qif, .xwd, .abw, .act, .adt, .aim, .ans, .asc, .ase, .bdp, .bdr, .bib, .boc, .crd, .diz, .dot, .dotm, .dotx, .dvi, .dxe, .mlx, .err, .euc, .faq, .fdr, .fds, .gthr, .idx, .kwd, .lp2, .ltr, .man, .mbox, .msg, .nfo, .now, .odm, .oft, .pwi, .rng, .rtx, .run, .ssa, .text, .unx, .wbk, .wsh, .7z, .arc, .ari, .arj, .car, .cbr, .cbz, .gz, .gzig, .jgz, .pak, .pcv, .puz, .rev, .sdn, .sen, .sfs, .sfx, .sh, .shar, .shr, .sqx, .tbz2, .tg, .tlz, .vsi, .wad, .war, .xpi, .z02, .z04, .zap, .zipx, .zoo, .ipa, .isu, .jar, .js, .udf, .adr, .ap, .aro, .asa, .ascx, .ashx, .asmx, .asp, .indd, .asr, .qbb, .bml, .cer, .cms, .crt, .dap, .htm, .moz, .svr, .url, .wdgt, .abk, .bic, .big, .blp, .bsp, .cgf, .chk, .col, .cty, .dem, .elf, .ff, .gam, .grf, .h3m, .h4r, .iwd, .ldb, .lgp, .lvl, .map, .md3, .mdl, .nds, .pbp, .ppf, .pwf, .pxp, .sad, .sav, .scm, .scx, .sdt, .spr, .sud, .uax, .umx, .unr, .uop, .usa, .usx, .ut2, .ut3, .utc, .utx, .uvx, .uxx, .vmf, .vtf, .w3g, .w3x, .wtd, .wtf, .ccd, .cd, .cso, .disk, .dmg, .dvd, .fcd, .flp, .img, .isz, .mdf, .mds, .nrg, .nri, .vcd, .vhd, .snp, .bkf, .ade, .adpb, .dic, .cch, .ctt, .dal, .ddc, .ddcx, .dex, .dif, .dii, .itdb, .itl, .kmz, .lcd, .lcf, .mbx, .mdn, .odf, .odp, .ods, .pab, .pkb, .pkh, .pot, .potx, .pptm, .psa, .qdf, .qel, .rgn, .rrt, 
.rsw, .rte, .sdb, .sdc, .sds, .sql, .stt, .tcx, .thmx, .txd, .txf, .upoi, .vmt, .wks, .wmdb, .xl, .xlc, .xlr, .xlsb, .xltx, .ltm, .xlwx, .mcd, .cap, .cc, .cod, .cp, .cpp, .cs, .csi, .dcp, .dcu, .dev, .dob, .dox, .dpk, .dpl, .dpr, .dsk, .dsp, .eql, .ex, .f90, .fla, .for, .fpp, .jav, .java, .lbi, .owl, .pl, .plc, .pli, .pm, .res, .rsrc, .so, .swd, .tpu, .tpx, .tu, .tur, .vc, .yab, .aip, .amxx, .ape, .api, .mxp, .oxt, .qpx, .qtr, .xla, .xlam, .xll, .xlv, .xpt, .cfg, .cwf, .dbb, .slt, .bp2, .bp3, .bpl, .clr, .dbx, .jc, .potm, .ppsm, .prc, .prt, .shw, .std, .ver, .wpl, .xlm, .yps, .1cd, .bck, .html, .bak, .odt, .pst, .log, .mpg, .mpeg, .odb, .wps, .xlk, .mdb, .dxg, .wpd, .wb2, .dbf, .ai, .3fr, .arw, .srf, .sr2, .bay, .crw, .cr2, .dcr, .kdc, .erf, .mef, .mrw, .nef, .nrw, .orf, .raf, .rwl, .rw2, .r3d, .ptx, .pef, .srw, .x3f, .der, .pem, .pfx, .p12, .p7b, .p7c, .jfif, .exif.
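The artifacts described above (the '.LOCKED' suffix appended to files with targeted extensions and the ATTENTION.url shortcut on the desktop) can be checked for during incident triage. The following is an added example, not code from the article or from any vendor tool: it walks a directory tree, counts encrypted files whose original extension is on the target list, and parses any ATTENTION.url shortcut to extract the payment URL. The sample victim tree and the .onion address are constructed placeholders; TARGET_EXTS holds only a subset of the list above.

```python
# Added triage example (not from the original article). Scans a tree for the
# CryptoShocker artifacts the article describes: '.LOCKED' files and the
# ATTENTION.url shortcut. Sample data below is constructed for the demo.
import configparser
import os
import tempfile

LOCKED_EXT = ".locked"          # compared case-insensitively
NOTE_NAME = "attention.url"     # compared case-insensitively
# Subset of the extension list in the article; paste the full list here if needed.
TARGET_EXTS = {".pdf", ".docx", ".xlsx", ".jpg", ".txt", ".zip", ".sql", ".pem"}


def shortcut_target(path):
    """Return the URL from a Windows .url shortcut ([InternetShortcut] URL=...)."""
    cfg = configparser.ConfigParser(interpolation=None)  # '%' in URLs is literal
    cfg.read(path, encoding="utf-8-sig")                 # tolerate a UTF-8 BOM
    return cfg.get("InternetShortcut", "URL", fallback=None)


def triage(root):
    """Collect encrypted files and ransom-note shortcuts under root."""
    report = {"locked": [], "targeted_originals": 0, "notes": []}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(LOCKED_EXT):
                report["locked"].append(full)
                # The original extension is whatever preceded '.LOCKED'.
                orig_ext = os.path.splitext(name[: -len(LOCKED_EXT)])[1].lower()
                if orig_ext in TARGET_EXTS:
                    report["targeted_originals"] += 1
            elif lower == NOTE_NAME:
                url = shortcut_target(full)
                is_onion = bool(url and ".onion" in url.lower())
                report["notes"].append((full, url, is_onion))
    return report


def demo():
    """Build a constructed victim tree and run the triage over it."""
    root = tempfile.mkdtemp()
    for fname in ("report.docx.LOCKED", "photo.jpg.LOCKED", "notes.txt", "tool.exe.LOCKED"):
        open(os.path.join(root, fname), "wb").close()
    with open(os.path.join(root, "ATTENTION.url"), "w", encoding="utf-8") as f:
        # Placeholder payment address, not a real indicator.
        f.write("[InternetShortcut]\nURL=http://placeholder-payment-site.onion/\n")
    return triage(root)
```

Running `demo()` on the constructed tree reports three '.LOCKED' files, two of which had a targeted original extension, plus one shortcut pointing at an .onion address.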

The CryptoShocker Ransomware offers computer users a choice of payment methods. Apparently, the CryptoShocker Ransomware includes various Bitcoin exchange programs to carry out the payment. PC security analysts strongly advise computer users to avoid paying the CryptoShocker Ransomware ransom. In the first place, paying the ransom for these kinds of threats enables con artists to continue carrying out these attacks. Furthermore, trusting these people to provide the decryption key after you have made the payment is not a good idea, since you have no guarantee that they will keep their word. Unfortunately, a decryption utility has not been released. However, some computer users have had some success using data recovery programs.

How the CryptoShocker Ransomware and Similar Ransomware Trojans may be Distributed

The most common way in which the CryptoShocker Ransomware and similar threats are distributed is through corrupted email attachments. The con artists have developed the capability to deliver email messages that look highly genuine and are capable of tricking even advanced computer users. These emails may contain an email attachment. However, because such attachments may be scanned by email providers, they have gradually been replaced by embedded links, which may lead computer users to attack websites hosting exploit kits. Email messages associated with the CryptoShocker Ransomware and similar threats may appear to have been sent by Microsoft, the IRS, messaging companies, airlines, banks, or other trustworthy institutions.

Dealing with and Preventing the CryptoShocker Ransomware Attacks

Uninstalling the CryptoShocker Ransomware manually may not be a good idea, since the risk of the files becoming encrypted again is high. Instead, a strong anti-malware program that is fully up-to-date should be used to deal with these threats. Once the CryptoShocker Ransomware has been removed, malware analysts recommend restoring the files from a backup (since paying the CryptoShocker Ransomware ransom is not recommended). In fact, keeping a backup of all files is the best way to become completely invulnerable to the CryptoShocker Ransomware and other ransomware Trojans. Since the files can be restored easily, the con artists simply have no leverage over their victims. In fact, if computer users in general started backing up their files, it is likely that these kinds of attacks would stop altogether.
