CrypVault

By GoldSparrow in Ransomware

A new crypto-ransomware named CrypVault, also detected as BAT_CRYPVAULT.A, is attacking computer users all around the world, especially Russian users. CrypVault invades a computer when its user opens a spam email attachment that installs CrypVault. CrypVault encrypts the user's files, including .rtf, .zip, .jpg, .doc and .pdf files, and appends a .vault extension to them, making computer users believe that these files are quarantined. The computer users may then panic because their crucial files are inaccessible and agree to pay the ransom demanded by CrypVault. The ransom note and payment instructions appear when the victim tries to open any encrypted file.

CrypVault uses the GNU Privacy Guard (GnuPG) tool to generate the key that encrypts the files. To make things worse, CrypVault uses the Microsoft SDelete tool to remove crucial files employed in the encryption process, which prevents victims from unlocking their files without paying the requested fee. It also downloads and executes a hacking tool named Browser Password Dump, compatible with Safari, Google Chrome, Opera, Mozilla Firefox and Internet Explorer, to collect the users' login passwords for these browsers. Security experts advise not paying the ransom, since the correct keys may not be provided. The best course of action for computer users infected by CrypVault is to use their last backup to restore the encrypted files.
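The behaviour described above (GnuPG and SDelete running on a host that is also producing .vault files) can be correlated in endpoint telemetry. The following is an added example, not part of the original article: the event format, the executable names `gpg.exe` and `sdelete.exe`, the time window and the threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows-style paths on any OS

WINDOW = timedelta(minutes=10)  # assumed correlation window
MIN_VAULT_FILES = 3             # assumed threshold, ignores one-off .vault files
# Assumed executable names for the tools the article names (GnuPG, SDelete).
TOOLS = {"gpg.exe": "gnupg", "sdelete.exe": "sdelete"}

# Constructed sample events, format: time|host|kind|path
SAMPLE = r"""
2024-01-01T10:00:00|PC-07|proc|C:\Users\a\AppData\Local\Temp\gpg.exe
2024-01-01T10:00:20|PC-07|file|C:\Users\a\Documents\report.doc.vault
2024-01-01T10:00:21|PC-07|file|C:\Users\a\Documents\scan.pdf.vault
2024-01-01T10:00:22|PC-07|file|C:\Users\a\Pictures\trip.jpg.vault
2024-01-01T10:01:00|PC-07|proc|C:\Users\a\AppData\Local\Temp\sdelete.exe
2024-01-01T09:00:00|PC-12|proc|C:\Program Files\GnuPG\bin\gpg.exe
2024-01-01T11:00:00|PC-12|file|C:\Users\b\Desktop\notes.vault
2024-01-01T09:30:00|PC-15|proc|C:\Tools\sdelete.exe
"""

def parse(text):
    """Yield (time, host, signal) for lines carrying one of the three signals."""
    for line in text.strip().splitlines():
        ts, host, kind, path = line.split("|", 3)
        name = basename(path).lower()
        if kind == "proc" and name in TOOLS:
            yield datetime.fromisoformat(ts), host, TOOLS[name]
        elif kind == "file" and name.endswith(".vault"):
            yield datetime.fromisoformat(ts), host, "vault"

def detect(text):
    """Return {host: tool signals} where tools and .vault files co-occur."""
    by_host = defaultdict(list)
    for ts, host, sig in parse(text):
        by_host[host].append((ts, sig))
    alerts = {}
    for host, events in by_host.items():
        events.sort()
        for start, _ in events:  # try each event as the start of a window
            window = [s for t, s in events if start <= t <= start + WINDOW]
            tools = set(window) - {"vault"}
            if window.count("vault") >= MIN_VAULT_FILES and tools:
                alerts[host] = sorted(tools)
                break
    return alerts
```

Legitimate GnuPG or SDelete use on its own (PC-12 and PC-15 in the sample) does not alert; only the combination with a burst of .vault files does.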
