AnonCrack Ransomware
The AnonCrack Ransomware is an encryption ransomware Trojan that was first observed carrying out attacks on October 12, 2017.The AnonCrack Ransomware is one of the many variants in the HiddenTear family of ransomware Trojans, all of them based on HiddenTear, an open source ransomware platform. The AnonCrack Ransomware is being delivered through fake software. One particular file that has been associated with the AnonCrack Ransomware directly is named 'Paypal Money Sender V2.0.exe' and seems to target computer users in Spanish speaking regions. It is important to take precautions against the AnonCrack Ransomware and similar threats.
Table of Contents
This Ransomware’s Name has a Double Meaning, but Its Work Doesn’t
The AnonCrack Ransomware uses AES 256 encryption to make the victim's files inaccessible. The AnonCrack Ransomware identifies the files it encrypts by adding the file extension '.crack' to the end of each of the affected files' names. Once the AnonCrack Ransomware has encrypted the victim's files, these files become inaccessible. The AnonCrack Ransomware and similar HiddenTear ransomware variants will target some file extensions in their attacks, which include:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, ,doc, .epub, .docx .fb2, .flv, .gif, .gz, .iso .ibooks,.jpeg, .jpg, .key, .mdb .md2, .mdf, .mht, .mobi .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
Apart from encrypting the victim's files, the AnonCrack Ransomware also will delete the Shadow Volume Copies of the targeted files. These are copies that are used by Windows to help with file recovery.
The AnonCrack Ransomware’s Ransom Note
The AnonCrack Ransomware will change the infected computer system's desktop image and deliver a ransom note after encrypting the victim's files. Both the changed desktop picture and ransom note contain the following note, written in Spanish:
'Tu computador ha sido hackeado y encriptado by ANONCRACK …!
¿COMO RECUPERAR TUS ARCHIVOS?
1. Realiza el pago de 30 USD ha esta direccion bitcoin : 1CvWhugm6QbHisVvhyRuKn81kQgVVs4ov8
2. Envia una captura del pago y nombre de tu PC ha este correo: anoncrack@protonmail.com
3. Una vez verificado tu pago, te enviaremos la KEY de DESENCRIPTACION
4. Disfruta de tus archivos personales
Tus amigos ANONCRACK'
Below is the English translation of the above ransom note:
'Your computer has been hacked and encrypted by ANONCRACK ...!
HOW TO RECOVER YOUR FILES?
1. Make the payment of 30 USD to this address bitcoin: 1CvWhugm6QbHisVvhyRuKn81kQgVVs4ov8
2. Send a screenshot of the payment and name of your PC to this email: anoncrack@protonmail.com
3. Once your payment has been verified, we will send you the KEY FOR DEDECRYPTION
4. Enjoy your personal files
Your friends ANONCRACK'
The AnonCrack Ransomware's ransom note is also delivered in a text file named 'PAGO.txt,' Spanish for 'PAYMENT.' It is important to avoid paying the AnonCrack Ransomware ransom. Apart from the fact that paying these ransoms allows the con artists to continue creating and distributing the AnonCrack Ransomware and similar threats, it also is very unlikely that the people responsible for the AnonCrack Ransomware attack will keep their promise to help victims of the attack to recover.
Preventing the AnonCrack Ransomware Attacks
Unfortunately, once the AnonCrack Ransomware encrypts your files, it becomes impossible to access or recover the affected files without the decryption key. Because of this, it is important to take preventive measures. The best action that can help computer users prevent the AnonCrack Ransomware attacks involves the use of a reliable backup method. Having file backups on the cloud and an external memory device is the best protection since that way computer users can restore their files without having to consider paying the AnonCrack Ransomware ransom.
