SecureCryptor Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 5
First Seen: June 27, 2016
Last Seen: October 27, 2021
OS(es) Affected: Windows

The SecureCryptor Ransomware is an encryption ransomware Trojan that carries out a well-known type of attack: it encrypts the victim's files and demands the payment of a ransom in exchange for the decryption key. The SecureCryptor Ransomware takes its name from the extension 'SECURECRYPTED' that it adds to the files it has encrypted. It appears to be a typical variant of these threats, carrying out an attack that has been observed countless times before. As with other ransomware Trojans, the best protection is to back up all files and to use a reliable, fully up-to-date security application to prevent the SecureCryptor Ransomware from entering the victim's computer in the first place.

The SecureCryptor Ransomware Warns Its Victims About the Attack

Like other encryption ransomware Trojans, the SecureCryptor Ransomware enters the victim's computer and scans all the drives for files matching a list of file extensions contained in the SecureCryptor Ransomware's configuration files. Once it has completed its scan, the SecureCryptor Ransomware encrypts these files using an encryption algorithm, with the decryption key stored on its Command and Control server and out of reach of the computer user or the security software on the infected computer.

Every time the SecureCryptor Ransomware encrypts a file, it drops a copy of its ransom note on the victim's computer, alerting the victim to the attack. The ransom notes follow an easily identifiable naming pattern that uses the file name, separated by a period from the string 'Contact_Here_To_Recover_Your_Files.' The notes tend to take the form of text files with the extension 'TXT' and are dropped in every directory where the SecureCryptor Ransomware encrypted files. The following ransom message has been associated with the SecureCryptor Ransomware's ransom notes:

'A L L Y O U R F I L E S A R E E N C R Y P T E D
All your data - documents, photos, videos, backups - everything is encrypted.
The only way to recover your files: contact us to the next email: recoveryhelp@bk.ru
Attach to e-mail:
1. Text with your IP server as Subject (To locate your encryption algoritm)
2. 1-2 encrypted files (please dont send files bigger than 1 MB)
We will check the encrypted file and send to you an email with your
Decrypted FILE as proof that we actually have the decrypter software.
Remember:
1. The FASTER you'll CONTACT US - the FASTER you will RECOVER your files.
2. We will ignore your e-mails without IP server number in Subject.
3. If you haven't received reply from us in 24 hours - try to contact us via public e-mail services such as Yahoo or so.'

Dealing with the SecureCryptor Ransomware

Although PC security analysts have not yet released a decryption utility for the SecureCryptor Ransomware, PC security researchers suspect that it will be possible to create one to help victims of this attack. Computer users can help by submitting copies of encrypted files together with an unencrypted original, as well as copies of the ransomware executable, to malware researchers. It is highly likely that a decryption utility for the SecureCryptor Ransomware will eventually be released, since the encryption used does not seem to be particularly strong when compared to other, similar threats.

Computer users should keep a reliable, fully up-to-date security program active at all times to prevent the SecureCryptor Ransomware from entering a computer in the first place. To become fully invulnerable to the SecureCryptor Ransomware and similar attacks, PC security researchers recommend that computer users keep backups on an off-site memory device. Having backups of all files makes this attack completely ineffective, since the encrypted files can be easily recovered from the backup.

File System Details

SecureCryptor Ransomware may create the following file(s):
#    File Name    MD5                                 Detections
1.   file.exe     196b1e6992650c003f550404f6b1109f    1
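
The indicators described on this page (the 'SECURECRYPTED' extension, ransom notes whose names contain 'Contact_Here_To_Recover_Your_Files' with a 'TXT' extension, and the MD5 listed above) can be swept for during triage to find which directories were affected. The following is an added example, not code from the original article; it assumes case-insensitive matching, that the marker string may appear anywhere in the note's file name, and that only '.exe' files are hashed. The sample tree it builds is constructed.

```python
import hashlib
import os
import tempfile

# Indicators as stated on this page.
ENCRYPTED_EXT = ".securecrypted"
NOTE_MARKER = "contact_here_to_recover_your_files"
KNOWN_MD5 = {"196b1e6992650c003f550404f6b1109f"}  # listed for file.exe

def md5_of(path, chunk=1 << 20):
    """Hash in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def scan(root):
    """Return paths matching each indicator plus the set of affected directories."""
    hits = {"encrypted": [], "notes": [], "samples": [], "dirs": set()}
    for dirpath, _subdirs, files in os.walk(root):
        for name in sorted(files):
            path, lower = os.path.join(dirpath, name), name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(path)
                hits["dirs"].add(dirpath)
            elif NOTE_MARKER in lower and lower.endswith(".txt"):
                hits["notes"].append(path)
                hits["dirs"].add(dirpath)
            elif lower.endswith(".exe"):
                try:
                    if md5_of(path) in KNOWN_MD5:
                        hits["samples"].append(path)
                except OSError:
                    continue  # locked or unreadable: skip, keep sweeping
    return hits

if __name__ == "__main__":
    # Constructed sample tree: file names are made up for the demonstration.
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        for name in ("report.docx.SECURECRYPTED",
                     "report.docx.Contact_Here_To_Recover_Your_Files.txt",
                     "notes.txt"):
            open(os.path.join(docs, name), "wb").close()
        result = scan(root)
        print(len(result["encrypted"]), len(result["notes"]), sorted(result["dirs"]))
```

The directories returned in `dirs` are the ones to compare against backups; an ordinary text file such as `notes.txt` is not reported.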