
AiraCrop Ransomware

By GoldSparrow in Ransomware

The AiraCrop Ransomware is a ransomware Trojan that belongs to the Crysis family of threats. Like other ransomware Trojans, the AiraCrop Ransomware is designed to encrypt the victims' files and then demand the payment of a ransom. The AiraCrop Ransomware may be distributed as a file attachment in spam email messages, a frequent delivery route. These email messages may appear to come from social media platforms such as Facebook, Twitter and Instagram. Attachments used to deliver the AiraCrop Ransomware may be Microsoft Word files that exploit vulnerabilities in this program's use of macros. These files, with the extension DOCX, will establish a connection to a remote server, download the AiraCrop Ransomware's file onto the victim's computer and execute it.

The AiraCrop Ransomware Encrypts Various File Types

Files that have been encrypted by the AiraCrop Ransomware will have the extension '.the AiraCropencrypted!,' which makes it easy to tell which files have been affected. The AiraCrop Ransomware encrypts the victim's files using a strong encryption algorithm, making them inaccessible to computer users, and takes the files hostage, demanding the payment of a ransom in exchange for the decryption key. The AiraCrop Ransomware will encrypt almost 170 different file types. The following are some of the file extensions that are targeted for encryption by the AiraCrop Ransomware Trojan:

.odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps.

After encrypting the victim's files, the AiraCrop Ransomware will drop a ransom note demanding the payment of a ransom. The note is a text file named 'How to decrypt your files.txt,' placed on the victim's Desktop. The message inside the AiraCrop Ransomware's ransom note reads:

'Encrypted Files!
All your files are encrypted. Using encryption AES256-bit and RSA-2048-bit.
Making it impossible to recover the files without the correct private key.
If you are interested in getting is key, and retrieve your files
visit one of the links and enter your key;
[links to pages on the TOR Network]
Alternative link:
[links to pages on the TOR Network]
To access the alternate link is mandatory to use the TOR browser available on the link
https://www.torproject.org/download/download
Key:
[a 66-byte long key]'

Dealing with an AiraCrop Ransomware Infection

Victims of the AiraCrop Ransomware are directed to a payment website where they are asked to pay the ransom. The amount demanded depends on the amount of data that was encrypted by the AiraCrop Ransomware. PC security analysts advise against paying the AiraCrop Ransomware's ransom. There is no reason to believe that the con artists responsible for the AiraCrop Ransomware will provide the decryption means, and even if they do, paying the ransom allows these con artists to continue developing these kinds of threats.


File System Details

AiraCrop Ransomware may create the following file(s):
# File Name MD5 Detections
1. file.exe 54217c1ea3e1d4d3dc024fc740a47757 0
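
An added triage example, not part of the original entry or of any vendor tool: a Python sweep that looks for the three indicators this entry gives (the ransom note name, the appended extension and the MD5 listed for file.exe) and totals how much data carries the extension. The function names, the report layout and the choice to hash only .exe files are assumptions made for illustration; the indicator strings are copied verbatim from the text above.

```python
import hashlib
import os

# Indicators copied verbatim from this entry; override them if your samples differ.
NOTE_NAME = "How to decrypt your files.txt"
ENCRYPTED_SUFFIX = ".the AiraCropencrypted!"
DROPPER_MD5 = {"54217c1ea3e1d4d3dc024fc740a47757"}


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, note_name=NOTE_NAME, suffix=ENCRYPTED_SUFFIX, md5s=DROPPER_MD5):
    """Walk root and report ransom notes, encrypted files and known binaries."""
    report = {"notes": [], "encrypted": [], "encrypted_bytes": 0,
              "hash_hits": [], "unreadable": []}
    wanted = {h.lower() for h in md5s}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lowered = name.lower()  # Windows file names are case-insensitive
            try:
                if lowered == note_name.lower():
                    report["notes"].append(path)
                elif lowered.endswith(suffix.lower()):
                    report["encrypted"].append(path)
                    report["encrypted_bytes"] += os.path.getsize(path)
                elif lowered.endswith(".exe") and md5_of(path) in wanted:
                    # Assumption: only .exe files are hashed, to keep the sweep fast.
                    report["hash_hits"].append(path)
            except OSError:
                # Locked or permission-denied files are recorded, not fatal.
                report["unreadable"].append(path)
    return report


if __name__ == "__main__":
    import sys
    result = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for key, value in result.items():
        print(key, len(value) if isinstance(value, list) else value)
```

Run it against a user profile or a mounted image; a hit on the note or the extension marks the directories to restore from backup, and a hash hit marks the binary to quarantine.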
