Trojan.Cryptolocker.F
Threat Scorecard
Threat Level: 90% (High)
Infected Computers: 2
First Seen: June 5, 2014
Last Seen: June 12, 2019
OS(es) Affected: Windows
Trojan.Cryptolocker.F is a threat that encrypts victims' files and then demands a ransom payment to decrypt them. It is just one of dozens of variants on the same basic strategy. The tactic associated with this variant specifically targets computers in Australia by sending out malicious email messages disguised as energy bills from an important energy company in Australia.
Trojan.Cryptolocker.F Encrypts the PC User’s Documents
Trojan.Cryptolocker.F enters a computer through a malicious file attachment or an embedded link contained in spam email. Once installed, it encrypts documents on the user's computer, specifically seeking out sensitive data in order to cause damage. It also drops text and HTML files with the following wording:
!!! YOUR SYSTEM IS HACKED !!! All your files was encrypted with Cryptolocker! This means that without the decryption key the recovery of your files is not possible, If your files have a value to you and you are willing to pay me for the decryption key please contact me: decrypt-request@mail.ua You have 3 days to pay for my services. After this period, you will lose all your files. Anti-virus software can remove Cryptolocker, but can not decrypt your fles. The only way to recover your files -is to pay for the decryption key. Information for IT-specialist: Data was encrypted with AES (Rijndael) algorithm with the session key length if 256 bits. Session key is encrypted with RSA (2048 bits) algorithm. Public-key is enclosed into Cryptolocker. Private-key for decryption of the session key is stored only in my database. To crack this key, you will need more than a million years time.
These notes tell victims that they must pay in order to decrypt the encrypted data.

The malicious email message associated with Trojan.Cryptolocker.F uses very convincing text and logos, comes from a spoofed email address, and closely imitates the normal email messages that Energy Australia sends to customers. Certain details in the email are nonetheless suspicious: it does not include the addressee's name (as a normal email from the energy company would), and it contains a few misspelled words and grammar mistakes.

The email contains an embedded link that claims to let recipients 'view their bill details.' This link leads to a phishing page, a Web page disguised to look like the energy company's website. There is a curious tactic here: the page includes a captcha that, once solved, claims that it is necessary to download the bill in the form of a ZIP file, which contains Trojan.Cryptolocker.F.
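As an added example (not EnigmaSoft's or SpyHunter's code), here is one way a responder could sweep a file tree for the dropped text and HTML notes quoted above, to map which folders were hit. The marker phrases come from the note on this page; the weights, threshold, size limit and function names are assumptions of this example.

```python
import html
import re
from pathlib import Path

# Phrases taken from the ransom note quoted on this page. The weights and the
# threshold are assumptions chosen for this example, not vendor signatures.
MARKERS = {
    "your system is hacked": 2,
    "encrypted with cryptolocker": 3,
    "decrypt-request@mail.ua": 3,
    "you have 3 days to pay": 2,
    "aes (rijndael)": 1,
    "rsa (2048 bits)": 1,
}
THRESHOLD = 5  # assumed: requires at least two distinctive phrases
NOTE_SUFFIXES = {".txt", ".html", ".htm"}  # the page says text and HTML files


def normalize(raw: str) -> str:
    """Strip HTML tags, decode entities, collapse whitespace, lowercase."""
    text = re.sub(r"<[^>]+>", " ", raw)
    text = html.unescape(text)
    return re.sub(r"\s+", " ", text).lower()


def score_note(raw: str) -> tuple[int, list[str]]:
    """Return (score, matched markers) for one file's contents."""
    text = normalize(raw)
    hits = [m for m in MARKERS if m in text]
    return sum(MARKERS[m] for m in hits), hits


def scan_tree(root: str, max_bytes: int = 64 * 1024) -> list[tuple[str, int, list[str]]]:
    """Walk root and report small text/HTML files that look like the note."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in NOTE_SUFFIXES:
            continue
        try:
            if path.stat().st_size > max_bytes:
                continue
            raw = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        score, hits = score_note(raw)
        if score >= THRESHOLD:
            findings.append((str(path), score, hits))
    return findings
```

Requiring several phrases keeps a document that merely mentions AES or RSA key sizes from being flagged.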