CCryptor Ransomware Description
Malware researchers struggle to keep up with all the data-locking Trojans, which are being pumped out into the wild by greedy cyber crooks with a lack of morals. Cybersecurity experts put a lot of effort into developing decryption tools that they release publicly to help infected users. However, with the sheer amount of ransomware threats out there, this is truly a Sisyphean task. At the end of October 2019, yet another ransomware was spotted lurking on the Web. It goes by the name CCryptor Ransomware and, so far, does not appear to be associated with any of the known ransomware families.
Propagation and Encryption
It has not been determined what infection vectors are being used in the spreading of this new file-encrypting Trojan. Some believe that the main culprit here is spam email campaigns, as this is one of the most popular methods of propagating threats of this type. Usually, the emails would contain a carefully tailored message and an infected attachment. The user is urged to launch the attachment, often masked as an important document, which would lead to the compromising of their system. The CCryptor Ransomware will scan the data on the PC as soon as it manages to infiltrate it. This helps the threat determine the locations of the files, which are considered to be of interest. Authors of ransomware threats make sure their creations are able to encrypt a wide variety of file types, as this makes it more likely for the victim to consider giving in and paying up. Next, the CCryptor Ransomware applies an encryption algorithm to lock the targeted files. The newly locked files will have an added extension to them – '.ccryptor.' This means that a file named 'September-Sun.jpeg' previously will be renamed to 'September-Sun.jpeg.ccryptor' and will no longer be usable.
The Ransom Note
When the encryption process is completed, the CCryptor Ransomware drops a ransom note named 'README!!!.txt' which states:
’ Your files were encrypted using AES-256 algorithm.
To decrypt them, you need to send the code
To the email address email@example.com
And we will send you instructions for paying the ransom and decrypting files.
You must pay a ransom of $80.
Every day the ransom amount will increase by $5.
After 4 days all encrypted files will be deleted.’
The attackers claim to have used the popular AES-256 encryption algorithm to lock the victim's files. The ransom fee demanded is $80, but the authors warn that with each passing day, the price will be rising by $5. Furthermore, if the victim fails to pay up within four days of the attack taking place, the attackers claim that their data will be deleted. The creators of the CCryptor Ransomware also have included an email address as a mean of contacting them – ‘firstname.lastname@example.org.'
Stay away from cyber crooks as they are known to make promises, which they rarely keep. Even if you pay, the ransom fee demanded chances are you will not be provided with the decryption key that will decode your data. This is why it is recommended to consider downloading and installing a reputable anti-malware tool and using it to remove the CCryptor Ransomware from your computer.
Do You Suspect Your PC May Be Infected with CCryptor Ransomware & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like CCryptor Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.