CryptoSweetTooth Ransomware

By GoldSparrow in Ransomware

The CryptoSweetTooth Ransomware is a ransomware Trojan that is used to force computer users to pay large sums of money. It is identical to various other ransomware Trojans that are active in the wild and belongs to a large family based on HiddenTear, an open source ransomware engine project that is the basis for a large number of encryption ransomware Trojans released in 2016 and 2017. The CryptoSweetTooth Ransomware may be distributed via corrupted documents attached to spam email messages that use some social engineering tactic. It uses exploits involving macros and JavaScript to infect the victims' computers.

The CryptoSweetTooth Ransomware Attack Targets Computer Users in Spanish-Speaking Areas

The current version of the CryptoSweetTooth Ransomware appears to exist only in a Spanish-language version. Spam campaigns linked to the CryptoSweetTooth Ransomware infection are being carried out in countries such as Panama, Spain, Peru, Mexico, Chile and Argentina. The CryptoSweetTooth Ransomware carries out a typical ransomware attack, using a strong encryption method that combines RSA and AES encryption to make the victim's files inaccessible. It scans the infected computer in search of certain file types, typically belonging to commonly used applications and media formats, encrypts matching files on all local drives and shared drives, and creates a list of the encrypted files. The files that have been encrypted by the CryptoSweetTooth Ransomware are no longer readable and can be identified easily because they will be marked with the file extension '.locked'. The CryptoSweetTooth Ransomware's ransom note is delivered in the form of an HTML file that is opened by the victim's Web browser and an image that replaces the victim's Desktop wallpaper image. The ransom note contains a message in Spanish, which translated to English reads as follows:

'YOUR PERSONAL FILES HAVE BEEN ENCIPHERED BY Crypto-SweetTooth
Your photos, videos, documents and database have been encrypted by a powerful algorithm using a unique key generated by this computer.
How to recover the files?
To recover your encrypted files and receive security instructions so that this does not happen again, you must make a payment of 0.5BTC and send them to the following address: [34 RANDOM CHARACTERS]
Once the payment has been made you should send an email to the address, bitcoin account you used to send the funds. Once verified and confirmed you will receive a reply with the program and password to decrypt the files.
How to buy Bitcoins?
If you are in Argentina you can buy Bitcoins in the following companies:
Ripio.com
Satoshitango
ArgenBTC
saldo.com.ar
mercadolibre.com.ar
After having made the purchase from any of the pages mentioned above, you must send them to the Bitcoin address specified at the beginning, marked RED.'

Dealing with the CryptoSweetTooth Ransomware Infection

The authors of the CryptoSweetTooth Ransomware can be contacted through the email address cryptosweetooth@Gmail.com. The CryptoSweetTooth Ransomware's ransom amount is 0.5 Bitcoin, which is approximately $500 USD at the current exchange rate. Unfortunately, it is not possible to decrypt the files affected by the CryptoSweetTooth Ransomware. Even so, malware researchers advise against paying the CryptoSweetTooth Ransomware ransom. Instead, take preventive measures, especially by establishing backups of all files. If backup copies of the affected files are present, then the con artists lose any leverage they have over the victim. After all, what incentive is there to pay the ransom if one can simply restore the affected files from backup copies for free? It is necessary, however, to remove the CryptoSweetTooth Ransomware infection itself with a reliable security program that is completely up-to-date before restoring the files from backup copies. Otherwise, there is a risk that the infection reaches the backup storage device and the backup copies become encrypted as well.
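
As an added example (not part of the original article or any vendor tool), the following Python script inventories files carrying the '.locked' extension and checks each one against a backup tree before restoration, flagging backups that were themselves encrypted. It assumes the extension is appended to the full original file name and that the backup mirrors the live directory layout; `triage` and `demo` are illustrative names.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".locked"  # extension the article reports on encrypted files

def triage(affected_root, backup_root):
    """Sort every '.locked' file under affected_root by what the backup holds."""
    affected_root, backup_root = Path(affected_root), Path(backup_root)
    report = {"restorable": [], "backup_also_locked": [], "no_backup": []}
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            # Assumption: the marker is appended to the full original name.
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            rel = (Path(dirpath) / name).relative_to(affected_root)
            original = rel.with_name(name[:-len(MARKER)])
            if (backup_root / original).is_file():
                bucket = "restorable"
            elif (backup_root / rel).is_file():
                # The backup itself was reached, the risk the article warns of.
                bucket = "backup_also_locked"
            else:
                bucket = "no_backup"
            report[bucket].append(original.as_posix())
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Run triage over a constructed sample tree (not real incident data)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for path in (
            live / "docs/report.docx.locked",
            live / "docs/notes.txt",              # untouched file, ignored
            live / "photos/trip.jpg.locked",
            live / "db/clients.sql.locked",
            backup / "docs/report.docx",          # clean copy exists
            backup / "photos/trip.jpg.locked",    # backup was encrypted too
        ):
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
        return triage(live, backup)

if __name__ == "__main__":
    for bucket, paths in demo().items():
        print(f"{bucket}: {paths}")
```

Run it from a clean system with the backup mounted read-only, after the infection has been removed, so the inventory itself cannot expose the backup to encryption.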
