CCryptor Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 10 |
| First Seen: | November 5, 2019 |
| Last Seen: | March 6, 2020 |
| OS(es) Affected: | Windows |
Malware researchers struggle to keep up with all the data-locking Trojans, which are being pumped out into the wild by greedy cyber crooks with a lack of morals. Cybersecurity experts put a lot of effort into developing decryption tools that they release publicly to help infected users. However, with the sheer amount of ransomware threats out there, this is truly a Sisyphean task. At the end of October 2019, yet another ransomware was spotted lurking on the Web. It goes by the name CCryptor Ransomware and, so far, does not appear to be associated with any of the known ransomware families.
Propagation and Encryption
It has not been determined what infection vectors are being used in the spreading of this new file-encrypting Trojan. Some believe that the main culprit here is spam email campaigns, as this is one of the most popular methods of propagating threats of this type. Usually, the emails would contain a carefully tailored message and an infected attachment. The user is urged to launch the attachment, often masked as an important document, which would lead to the compromising of their system. The CCryptor Ransomware will scan the data on the PC as soon as it manages to infiltrate it. This helps the threat determine the locations of the files, which are considered to be of interest. Authors of ransomware threats make sure their creations are able to encrypt a wide variety of file types, as this makes it more likely for the victim to consider giving in and paying up. Next, the CCryptor Ransomware applies an encryption algorithm to lock the targeted files. The newly locked files will have an added extension to them – '.ccryptor.' This means that a file named 'September-Sun.jpeg' previously will be renamed to 'September-Sun.jpeg.ccryptor' and will no longer be usable.
The Ransom Note
When the encryption process is completed, the CCryptor Ransomware drops a ransom note named 'README!!!.txt' which states:
’ Your files were encrypted using AES-256 algorithm.
To decrypt them, you need to send the code
-
To the email address ccryptor@protonmail.com
And we will send you instructions for paying the ransom and decrypting files.
You must pay a ransom of $80.
Every day the ransom amount will increase by $5.
After 4 days all encrypted files will be deleted.’
The attackers claim to have used the popular AES-256 encryption algorithm to lock the victim's files. The ransom fee demanded is $80, but the authors warn that with each passing day, the price will be rising by $5. Furthermore, if the victim fails to pay up within four days of the attack taking place, the attackers claim that their data will be deleted. The creators of the CCryptor Ransomware also have included an email address as a mean of contacting them – ‘ccryptor@protonmail.com.'
Stay away from cyber crooks as they are known to make promises, which they rarely keep. Even if you pay, the ransom fee demanded chances are you will not be provided with the decryption key that will decode your data. This is why it is recommended to consider downloading and installing a reputable anti-malware tool and using it to remove the CCryptor Ransomware from your computer.
